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ABSTRACT 


Boolean  functions  with  high  correlation  immunity  can  be  used  in  cryptosystems  to  defend 
against  correlation  attacks.  These  functions  are  rare  and  difficult  to  find.  As  the  number 
of  variables  increases,  this  task  becomes  exponentially  more  complex  and  time 
consuming.  Three  different  ways  to  execute  a  program  to  find  the  correlation  immunity 
of  a  function  are  compared  in  this  thesis.  First,  a  program  was  written  in  C  and  executed 
on  a  conventional  CPU.  The  same  program  was  then  executed  on  an  FPGA  on  the  SRC-6 
reconfigurable  computer.  A  similar  program  was  written  in  Verilog  and  executed  on  the 
FPGA.  By  taking  advantage  of  the  parallel  processing  ability  of  the  SRC-6,  a  well- 
programmed  Verilog  macro  can  find  functions  with  high  correlation  immunity  at  a  much 
faster  rate. 

The  SRC-6  reconfigurable  computer  is  used  in  this  thesis  to  find  the  correlation 
immunity  of  millions  of  functions  of  up  to  six  variables.  Rotation  symmetric  and 
balanced  functions  were  examined  to  find  subsets  that  contain  a  high  percentage  of 
functions  with  good  correlation  immunity.  The  nonlinearity  and  correlation  immunity  of 
functions  of  four  and  five  variables  were  compared  to  find  functions  with  the  best  balance 
to  fend  off  both  correlation  and  linear  attacks  on  a  cryptosystem. 
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EXECUTIVE  SUMMARY 


Cryptographically  significant  functions  with  a  concentration  on  functions  with  high 
correlation  immunity  are  examined  in  this  thesis.  For  the  first  time,  the  SRC-6 
reconfigurable  computer  was  used  to  find  the  correlation  immunity  of  millions  of 
Boolean  functions  up  to  six  variables.  Smaller  subsets  of  Boolean  functions  thought  to 
contain  a  higher  percentage  of  functions  with  good  correlation  immunity  were  examined. 
These  subsets  included  the  set  of  rotation  symmetric  functions  and  the  set  of  balanced 
functions.  The  results  and  analysis  from  these  tests  are  discussed  in  this  thesis.  The  SRC- 
6  was  used  to  compute  the  correlation  immunity  and  nonlinearity  of  Boolean  functions  up 
to  five  variables  in  order  to  find  functions  with  the  highest  degree  of  both  these 
properties.  A  comparison  between  the  computation  times  of  a  Verilog  program  executed 
on  an  FPGA  associated  with  the  SRC-6  reconfigurable  computer  and  a  C  program 
executed  on  the  PC  showed  that  the  SCR-6  was  able  to  generate  and  test  functions  at  a 
much  faster  rate  than  the  PC.  An  additional  comparison  showed  the  speed  up  achieved  on 
the  SRC-6  by  using  a  well-programmed  Verilog  macro  over  a  program  written  in  C. 

Boolean  functions  are  of  great  importance  when  designing  running  key 
generators  for  stream  ciphers  in  cryptosystems.  These  stream  ciphers  are  responsible  for 
encrypting  binary  digits  of  plaintext  one  digit  at  a  time  into  ciphertext.  The  ability  to 
defend  a  system  against  cryptanalysis  depends  on  the  Boolean  function  used  for  the 
combiner  function.  This  function  must  meet  certain  criteria  to  yield  a  cryptographically 
secure  scheme  that  can  resist  known  attacks  such  as  linear  and  correlation  attacks.  The 
ideal  function  would  be  bent,  have  high  correlation  immunity,  and  be  balanced. 
Unfortunately,  functions  with  all  these  qualities  do  not  exist;  therefore,  a  balance  between 
these  qualities  must  be  found.  This  thesis  is  primarily  focused  on  finding  functions  with 
high  correlation  immunity,  but  a  comparison  between  the  correlation  immunity,  linearity 
and  balancedness  is  also  examined  and  discussed. 

The  Boolean  function  chosen  for  the  running  key  generator  must  have  a  high 
degree  of  correlation  immunity  to  successfully  defend  a  cryptosystem  against  a 
correlation  attack.  Correlation  immunity  was  defined  by  T.  Siegenthaler  in  1983  in 
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response  to  correlation  attacks.  These  attacks  exploit  a  statistical  weakness  found  in 
functions  with  low  correlation  immunity.  Functions  with  high  correlation  immunity  are 
uncommon  and  difficult  to  find.  No  practical  method  is  known  to  create  functions  with 
high  correlation  immunity,  so  exhaustive  searches  are  required.  By  using  the  SRC-6 
reconfigurable  computer,  the  time  required  to  find  these  functions  was  greatly  reduced. 

In  order  to  find  the  most  effective  way  to  generate  and  test  functions  for 
correlation  immunity,  three  similar  programs  were  written  and  the  computation  time  was 
compared.  The  first  program  was  written  in  the  C  programming  language  and  executed 
on  an  Intel  Xeon  processor  running  at  2.8  GHz,  which  is  one  of  the  two  microprocessors 
associated  with  the  SRC-6.  The  C  code  was  also  modified  to  run  on  the  SRC-6 
reconfigurable  computer,  which  operates  at  a  clock  speed  of  100  MHz.  A  Verilog  macro 
was  written  to  find  the  correlation  immunity  of  a  function  generated  in  C  code.  This 
macro  was  designed  to  take  advantage  of  the  parallel  processing  ability  of  the  field 
programmable  gate  arrays  (FPGA)  and  the  capability  of  the  system  to  pipeline  a  program. 
With  these  advantages,  the  SRC-6  was  able  to  output  the  correlation  immunity  of  a  set  of 
functions  at  a  rate  of  one  result  per  clock  cycle.  Using  the  Verilog  macro  for  four 
variables  on  the  SRC-6,  we  obtained  a  speed-up  of  close  to  400  times  the  PC  code  and 
1800  times  over  the  C  code  run  on  SRC-6. 

With  the  ability  to  test  one  function  every  clock  cycle,  100,000,000  functions  can 
be  tested  every  second.  This  value  is  only  limited  by  the  clock  speed  of  the  SRC-6.  Even 
at  this  rate,  all  functions  with  six  variables  cannot  be  exhaustively  tested  in  a  feasible 
amount  of  time.  By  finding  smaller  test  sets  and  relationships  between  functions  with 
other  cryptographically  significant  properties,  functions  of  larger  number  of  variables 
with  higher  correlation  immunity  may  be  found. 
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FPGA 

Field  Programmable  Gate  Array 

FUT 
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Multiplexor 
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I.  INTRODUCTION 


A.  PROBLEM  DEFINITION 

Functions  with  high  correlation  immunity  are  vital  in  defending  cryptosystems 
against  correlation  attacks.  These  functions  are  rare,  and  the  only  known  practical  way  to 
find  these  functions  is  through  an  exhaustive  search.  In  order  to  test  for  the  correlation 
immunity  of  a  Boolean  function,  a  program  written  in  the  C  programming  language  was 
executed  on  both  the  SRC-6  reconfigurable  computer  with  a  100  MHz  clock  and  on  the 
Intel  Xeon  processor  that  operates  at  2.8  GHz.  A  similar  program,  written  as  a  Verilog 
macro  for  computation  and  C  code  for  enumeration,  was  compiled  and  run  on  the  SRC-6. 
The  execution  times  were  compared  to  find  the  most  effective  way  to  generate  and  test 
the  correlation  immunity  of  millions  of  functions.  The  time  required  to  evaluate  all 
functions  with  more  than  five  variables  makes  an  exhaustive  search  of  all  functions 
infeasible.  Examining  the  properties  of  functions  with  high  correlation  immunity  helps  in 
discovering  subsets  of  Boolean  functions  rich  in  functions  with  high  correlation 
immunity.  This  allows  functions  with  high  correlation  immunity  of  more  variables  to  be 
found  faster  with  less  testing.  The  correlation  immunity  of  all  rotation  symmetric 
functions  and  balanced  functions  was  examined  in  the  search  for  smaller  test  sets.  In 
addition,  functions  that  possess  other  cryptographically  significant  properties,  such  as 
high  nonlinearity,  are  extremely  important  to  find.  This  way  the  function  can  defend 
against  other  known  attacks.  The  relationship  between  nonlinearity  and  correlation 
immunity  of  all  functions  up  to  five  variables  was  examined.  The  results  were  examined 
to  find  functions  that  had  high  degrees  of  multiple  cryptographic  properties. 

B.  BACKGROUND 

The  correlation  immunity  of  a  Boolean  function  was  defined  by  T.  Siegenthaler  in 
1983  in  response  to  correlation  attacks  [8].  Correlation  immunity  is  a  measure  of  the 
degree  the  outputs  of  a  Boolean  function  are  uncorrelated  with  different  subsets  of  the 
function’s  inputs.  Boolean  functions  with  low  order  correlation  immunity  are  more 
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susceptible  to  correlation  attacks  than  functions  with  higher  order  correlation  immunity. 
Discovering  effective  techniques  to  find  functions  with  high  correlation  immunity  are  of 
great  value  in  the  field  of  cryptology. 

Cryptology  is  a  widely  used  tool  in  communications,  computer  networks,  and 
computer  security.  Some  of  its  applications  include  ATM  cards,  computer  passwords, 
remote  computer  login  and  commerce.  Since  World  War  II  and  the  development  of 
digital  computers,  the  methods  used  for  encrypting  data  have  become  increasingly  more 
complex  and  the  application  of  encryption  more  widespread.  These  advances  have  also 
led  to  more  advanced  cryptanalysis,  the  study  of  methods  for  decrypting  information 
without  the  key,  which  has  created  the  need  for  more  complex  ciphers.  A  cipher  is  a  pair 
of  algorithms  that  are  used  to  encrypt  and  decrypt  data.  The  stream  cipher  used  in  running 
key  generators  is  made  up  of  multiple  linear  feedback  shift  registers  (LSFR)  that  are 
combined  by  a  Boolean  function  to  form  the  keystream.  The  keystream  is  then  bitwise 
Exclusive-OR’d  with  the  plaintext  to  create  the  ciphertext.  A  typical  keystream  generator 
for  a  cryptosystem  is  illustrated  in  Figure  1.  The  symbols  Si,S2,  —,S„  represent  the  LSFRs, 
/  represents  the  combiner  function,  a  Boolean  function  of  n  variables,  and  k  is  the 
keystream. 


Figure  1.  Keystream  generator  from  [6]. 

Most  of  the  reliability  and  security  of  the  cryptosystems  lies  in  the  Boolean 
function  used  for  the  combiner  function.  Correlation  attacks  are  possible  when  there  is  a 
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significant  correlation  between  the  output  state  of  an  individual  LSFR  in  the  keystream 
generator  and  the  output  of  the  combiner  function.  When  this  occurs,  the  attacker  is  able 
to  recover  the  different  initializations  of  the  LSFRs  separately  to  reduce  the  cost  of  an 
exhaustive  search.  This  greatly  reduces  the  complexity  of  the  attack. 

The  complexity  of  a  brute  force  attack  on  the  system  is  ]”[  (2/':  - 1  j  where  Lt  is 

the  length  of  the  z-th  LSFR.  If  the  combining  function  is  chosen  to  create  a  relationship 
between  the  keystream  and  the  output  of  the  z-th  LSFR,  then  it  is  possible  to  only  try  all 
2L'  - 1  possible  initiations  of  the  z-th  LSFR;  it  is  highly  probable  that  the  correct  initiation 
will  be  detected.  This  reduces  the  complexity  of  a  brute  force  attack 

ton  '  ,  -l)  +  2i'’  -1  [5].  If  the  combining  function  has  correlation  immunity  k, 

then  the  correlation  attack  must  consider  at  least  (k  + 1)  different  registers  simultaneously. 

While  high  correlation  immunity  is  necessary  when  choosing  the  Boolean 
function  for  the  keystream  generator,  it  is  not  sufficient  to  make  the  cryptosystem  secure. 
Most  combiner  functions  combine  criteria  such  as  balancedness,  nonlinearity,  high 
correlation  immunity  and  high  algebraic  immunity  to  ensure  resistance  to  known  attacks. 
Since  functions  that  have  the  best  of  all  these  properties  do  not  exist,  necessary  trade-offs 
must  be  considered  when  choosing  the  combiner  function  in  a  keystream  generator.  We 
first  look  at  finding  functions  with  high  correlation  immunity  and  then  evaluate  these 
functions  for  other  desirable  cryptographic  features. 

C.  METHOD 

The  only  known  primary  methods  for  constructing  resilient  functions  are  for  small 
numbers  of  variables  and  do  not  allow  for  designing  functions  with  a  high  degree  or  high 
nonlinearity  [7].  Secondary  constructions  use  previously  defined  functions  to  create  new 
ones.  These  techniques  use  recursive  algorithms  that  are  not  adequate  in  realistic 
applications.  Since  there  is  no  known  practical  way  to  generate  a  function  with  high 
correlation  immunity,  an  exhaustive  search  of  all  functions  must  be  performed.  To  test  a 
function  of  n  variables  for  correlation  immunity  k,  a  function  is  broken  into  2k  subsets 

C(n,k)  times.  Each  time  the  number  of  ones  in  each  subset  is  calculated  and  compared  to 
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the  number  of  ones  in  all  other  subsets.  As  n  increases,  so  does  the  number  of  tests  for 
each  correlation  immunity  value  and,  therefore,  the  time  required  to  fully  test  each 
function. 

When  using  a  conventional  CPU,  each  function  is  tested  for  every  value  of 
correlation  immunity  before  the  next  function  is  processed.  This  is  very  inefficient.  The 
SRC-6  allows  the  use  of  a  type  of  parallel  programming  called  pipelining.  This  ability  is 
extremely  valuable  when  a  program  has  a  long  delay  and  can  be  split  into  multiple  steps 
to  reach  the  final  result.  When  finding  the  correlation  immunity  of  a  function,  the 
incoming  function  under  test  (FUT)  does  not  depend  on  the  results  of  the  previous  FUT 
and,  thus,  allows  pipelining.  Here,  the  incoming  function  can  start  the  first  step  as  soon  as 
the  previous  function  moves  to  the  next  step  in  the  testing.  By  breaking  the  program  into 
efficient  steps,  once  the  first  function  completes  the  final  phase  an  output  will  result 
every  clock  cycle.  The  total  run  time  then  depends  on  the  clock  speed.  The  SRC-6 
reconfigurable  computer  used  for  this  thesis  had  a  clock  speed  of  100  MHz,  which 
allowed  100,000,000  functions  to  be  tested  every  second. 

D.  THESIS  OUTLINE 

The  introduction,  including  the  objective  and  background  infonnation,  is 
contained  in  Chapter  I.  Definitions  and  lemmas  used  in  this  thesis  and  a  discussion  on 
finding  functions  with  high  correlation  immunity  are  discussed  in  Chapter  II.  The  circuit 
used  in  this  thesis  is  discussed  and  examined  in  Chapter  III.  The  analysis  of  the  results  is 
contained  in  Chapter  IV.  The  conclusion  and  recommendations  for  further  work  are 
contained  in  Chapter  V.  The  code  for  the  SRC-6  is  contained  in  Appendix  A.  The  code 
for  the  PC  is  contained  in  Appendix  B. 
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II.  CRYPTOGRAPHICALLY  SIGNIFICANT  FUNCTIONS 


A.  BACKGROUND 

1.  Definitions 

a.  Boolean  Functions 

A  Boolean  function  /  on  n  variables  is  a  map  from  the  //-dimensional 
vector  space  Vn  to  F2,  the  two-element  field.  For  a  function  /,  let  f0  =  f  (0,0,.. .,0),  fx  = 

f  (0,0,..., 1),  ...,  and  /r  |  =  / (1,1 . 1).  The  sequence  of  bits,  TT=  (/0  /1.../2„_1)  is  the 

truth  table  representation  of  /  [2]. 

b.  Correlation  Immunity 

An  //-variable  function/has  correlation  immunity  of  order  k  if  and  only  if, 
for  every  fixed  set  of  S  of  k  variables,  1  <  k  <  n 1 ,  and  for  every  assignment  of  values  to  the 
variables  in  S,  the  weights  of  all  sub  functions  are  the  same  [1]. 

Example :  The  following  truth  table  shows  the  output  for  the 
function /(xj,x2,x3,x4)  =  x,  © x2  © x3  © x4 .  To  test  this  function  for  correlation  immunity 
of  2,  all  possible  combinations  of  two  variables  must  be  considered.  There  are  six  ways 
to  choose  two  out  of  the  four  variables.  For  this  example,  x{  and  x2are  the  two  selected 
variables.  These  two  variables  can  be  assigned  four  different  values,  00,  01,  10  and  11. 
In  order  to  pass  this  test  for  correlation  immunity,  the  number  of  ones  in  the  function 
value  for  each  subset  of  these  two  variables  must  be  the  same.  For  this  function  to  have 
correlation  immunity  of  2,  all  combinations  of  two  variables  must  pass  this  same  test.  The 
number  of  ones  for  each  possible  value  of  xx  and  x ,  is  shown  in  Table  1.  In  this  case,  the 
number  of  ones  are  the  same  so  the  test  is  passed. 
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Table  1.  The  results  of  one  test  for  a  correlation  immunity  of  two  [1 1]. 


x,x7x7x4 

/ 

00 

01 

10 

11 

0000 

0 

0 

0001 

1 

1 

0010 

1 

1 

0011 

0 

0 

0100 

1 

1 

0101 

0 

0 

0110 

0 

0 

0111 

1 

1 

1000 

1 

1 

1001 

0 

0 

1010 

0 

0 

1011 

1 

1 

1100 

0 

0 

1101 

1 

1 

1110 

1 

1 

mi 

0 

0 

#  of  ones 

8 

2 

2 

2 

2 

c.  Linear  Functions 

A  linear  function  is  the  Exclusive-OR  of  one  or  more  variables  or  the 
constant  zero  function  [2]. 

Example:  f(X\ ,  x2 ,  x3 )  =  xl  ®  x2 
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d.  Affine  Functions 


An  affine  function  is  a  linear  function  or  the  complement  of  a  linear 

function  [2]. 

Example :  f(xl ,  x2 ,  x3 )  =  xt  ©  x2  ©  1 

e.  Hamming  Distance 

The  Hamming  distance  between  two  functions  is  the  number  of  places 
where  their  truth  table  representations  disagree  [2]. 

f  Nonlinearity 

The  nonlinearity  of  a  function  /  is  the  minimum  Hamming  distance 
between  /  and  all  affine  functions  [2], 

g.  Bent  Functions 

A  bent  function  has  the  largest  nonlinearity  of  all  Boolean  functions  [2], 

h.  Rotation  Symmetric 

A  function  is  rotation  symmetric  if  it  is  invariant  under  all  cyclic  rotations 
of  the  inputs.  Rotationly  symmetric  functions  can  be  divided  into  orbits  so  that  each  orbit 
consists  of  all  cyclic  shifts  of  one  input  [9]. 

Example :  The  truth  table  for  the  function  /  =  xx  ©  x2  ©  x3  ©  x4  is 

illustrated  in  Table  2.  This  function  is  a  rotation  symmetric  function  of  four  variables. 
One  cycle  is  shown  for  each  of  the  six  orbits  in  the  top  row  of  the  table.  Since  the  value 
remains  unchanged  for  all  cyclic  rotations  of  that  orbit,  the  function  is  rotation 
symmetric. 
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Table  2.  Rotation  symmetric  truth  table. 


X[X  2X3X4 

f 

0000 

0001 

0011 

0101 

0111 

1111 

0000 

0 

0 

0001 

1 

1 

0010 

1 

1 

0011 

0 

0 

0100 

1 

1 

0101 

0 

0 

0110 

0 

0 

0111 

1 

1 

1000 

1 

1 

1001 

0 

0 

1010 

0 

0 

1011 

1 

1 

1100 

0 

0 

1101 

1 

1 

1110 

1 

1 

1111 

0 

0 

f  value 

0 

1 

0 

0 

1 

0 

i.  Balanced  Functions 

A  balanced  function  has  the  same  number  of  Is  and  Os  in  its  truth  table 

form. 


j.  Resiliency 

A  balanced  function  with  correlation  immunity  k  is  said  to  be  ^-resilient 


8 


2. 


Lemmas 


Lemma  2.1.  If  a  function  f  has  correlation  immunity  of  order  k,  then  f  is  also 
correlation  immune  of  k-1  and  may  or  may  not  have  correlation  immunity  of 
order  k+1.  [6] 

Lemma  2.2.  The  complement  of  a  function  has  the  same  correlation  immunity  as 
that  of  the  original  function. 

Proof  By  the  definition  of  correlation  immunity,  an  n-variable  function  /  has 
correlation  immunity  of  order  k  if  and  only  if,  for  every  fixed  set  of  S  of  k 
variables,  1  <  k  <  n  ,  and  for  every  assignment  of  values  to  the  variables  in  S,  the 
weights  of  all  subfunctions  are  the  same.  The  weight  is  calculated  by  the  number 
of  Is  in  each  sub  function.  If  the  size  of  each  of  the  sub  functions  is  the  same,  then 
the  number  of  Os  in  each  subfunction  must  be  the  same.  This  implies  that  the 
weight  of  every  subfunction  of  f  s  complement  is  the  same.  Therefore,  the 
complement  of  a  function  has  the  same  correlation  immunity  of  the  original 
function.  Q.E.D. 

Lemma  2.3.  The  only  functions  with  correlation  immunity  n  are  the  zero 
functions  and  the  function  whose  TT  value  consists  of  all  ones. 

Proof.  For  a  function  to  have  correlation  immunity  of  order  n,  all  2"  subsets  must 
have  an  equal  number  of  Is.  Since  the  truth  table  for  a  function  of  n  variables  only 
has  2"  values,  then  they  must  all  be  the  same  for  all  TT  entries.  The  only  way  to 
have  all  values  the  same  is  either  all  ones  or  all  zeros.  Therefore,  the  only 
functions  with  correlation  immunity  n  are  the  constant  zero  and  one.  Q.E.D 

B.  CRYPTOGRAPHICALLY  SIGNIFICANT  SUBSETS 
1.  Rotation  Symmetric  Functions 

Rotation  Symmetric  functions  are  functions  whose  value  remains  unchanged 
when  the  variables  in  the  function  are  rotated  circularly  to  each  of  the  possible  positions. 

The  total  space  of  these  functions  is  much  smaller  («  22  '")  than  the  space  of  all  Boolean 
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functions  (22  ).  It  has  been  experimentally  shown  that  this  set  contains  functions  with 
very  desirable  cryptographically  properties,  such  as  good  algebraic  immunity  (resistance 
to  algebraic  attack),  balancedness,  high  correlation  immunity  and  algebraic  degree  [9]. 

2.  Balanced  Functions 

A  balanced  function  has  an  equal  number  of  Is  and  Os  in  its  truth  table  values. 
Balancedness  is  an  important  cryptographic  criteria  for  designing  the  combiner  function 
in  order  to  prevent  the  system  from  leaking  statistical  information  on  the  plaintext  when 
given  the  ciphertext.  The  number  of  balanced  functions  isC(2",2"_1).  Although  this 

space  is  quite  large,  other  properties  of  functions  with  high  correlation  immunity  can  be 
used  to  decrease  the  size.  If  the  correlation  immunity  of  a  function  is  k,  these  balanced 
functions  are  k-resilient. 


3,  Nonlinearity 


In  order  to  break  the  linear  property  of  the  LSFRs,  increase  the  period  complexity 
of  the  output  sequence  and  avoid  linear  attack,  the  combining  function  must  be  highly 
nonlinear.  The  nonlinearity  of  a  function  is  the  minimum  Hamming  distance  between  f 
and  all  affine  functions.  Functions  with  the  highest  nonlinearity  are  called  bent  functions. 
Bent  functions  are  not  balanced  and  therefore  will  have  a  correlation  immunity  of  at  most 
n-2.  It  has  been  shown  that  the  nonlinearity  of  any  k-resilient  function  is  smaller  than  or 

equal  to  2”1-2A+1  if«  / 2  —  1  <  k  +  1 ?  to  2”  1 -2"  ‘ 1 -2/,+1  if  n  is  even  and 


n  12- 


1  -  ^  + 1  and  to  2"~  ~2  +[2'"~~  ^  ifnisoddand  n/2-\>k  +  \^_ 


C.  TESTING  FOR  CORRELATION  IMMUNITY 


For  functions  of  five  variables  or  less,  all  functions  can  be  exhaustively  tested  in  a 
reasonable  amount  of  time.  These  functions  were  all  tested  on  the  SRC-6  reconfigurable 
computer.  The  code  is  included  in  Appendix  A.  The  correlation  immunity  distribution  for 
all  functions  of  n— 3,  4  and  5  variables  is  shown  in  Table  3. 
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Table  3.  Distribution  of  correlation  immunity  for  n= 3,4  and  5. 


n  /  Correlation 
Immunity 

0 

1 

2 

3 

4 

5 

3 

236 

16 

2 

2 

0 

0 

4 

64,888 

636 

8 

2 

2 

0 

5 

4,291,827,234 

3,139,004 

1044 

10 

2 

2 

The  rare  nature  of  functions  with  high  correlation  immunity  is  shown  in  Table  3. 
The  number  of  functions  with  a  given  correlation  immunity  is  known  mathematically  for 
functions  of  any  number  of  variables,  but  how  to  construct  those  functions  is  not  [14]. 
The  functions  with  correlation  immunity  n  are  the  zero  function  and  the  function  whose 
TT  values  are  all  1  which  are  not  of  interest  for  cryptology.  As  the  number  of  variables 
increases,  the  percentage  of  functions  with  correlation  immunity  greater  than  0  decreases 
exponentially.  This  makes  finding  these  functions  increasingly  harder  as  the  variable  size 
increases. 

A  common  size  of  a  function  used  for  cryptosystems  is  1024  bits,  which  is  a 
function  of  ten  variables.  Since  most  computers  have  a  maximum  register  size  of  64  bits, 
finding  the  correlation  immunity  of  a  function  greater  than  five  variables  becomes  much 
more  complicated.  The  SRC-6  allows  registers  of  any  size  to  be  created.  The  limitation 
for  finding  the  correlation  immunity  of  a  function  depends  on  the  total  number  of 
functions  and  the  clock  speed  of  the  FPGA.  The  clock  speed  is  directly  related  to  the 
number  of  functions  that  can  be  tested.  Since  the  number  of  functions  increases 
exponentially,  the  clock  speed  needs  to  be  thousands  of  times  faster  just  to  feasibly  test 
for  a  function  of  six  variables.  Increasing  the  clock  speed  is  not  alone  sufficient  to 
effectively  test  for  the  correlation  immunity  of  functions  of  high  variables.  Therefore,  the 
size  of  the  test  set  needs  to  be  reduced. 

A  program  was  written  in  MATLAB  to  find  and  graph  the  correlation  immunity 
for  all  functions  of  four  variables.  The  results  are  shown  in  Figure  2. 
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Correlation  Immunity  of  all  Functions  of  4  Variables 


Figure  2.  Distribution  of  correlation  immunity  for  all  functions,  n= 4. 

The  results  for  65,536  different  functions  of  four  variables  are  shown  in  Figure  2. 
The  program  tested  the  binary  representation  for  the  values  of  0  (0000  0000  0000  0000  in 
binary)  through  65,535  (1111  1111  1111  1111  in  binary).  The  zero  function  and  the 
function  whose  truth  table  values  are  all  1  have  correlation  immunity  of  4  but  are  not  of 
interest  for  cryptographic  purposes.  Most  of  the  functions  have  correlation  immunity  of  0, 
so  the  graph  in  Figure  2  emphasizes  the  functions  with  correlation  immunity  greater  than 
0.  This  is  a  very  small  percentage  of  all  Boolean  functions.  The  results  are  symmetric 
around  the  center  of  the  test  group.  This  supports  Lemma  2.2  that  states  the  correlation 
immunity  of  a  function’s  complement  is  the  same  as  the  function’s.  By  only  testing  the 
first  half  of  all  Boolean  functions  of  a  given  variable,  the  number  of  functions  needing  to 
be  tested  can  be  cut  in  half. 
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Figure  4  is  a  close  up  of  Figure  3.  It  can  be  seen  that  all  funtions  of  value  255 
(0000  0000  1 1 1 1  1 1 1 1)  and  less  have  correlation  immunity  0  with  the  exception  of  the 
zero  function. 


Correlation  Immunity  of  all  Functions  of  4  Variables 
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Figure  3.  A  close  up  section  of  the  graph  of  correlation  immunity  of  all  functions, 

n= 4. 


This  is  due  to  the  fact  that  a  function  that  has  a  correlation  immunity  of  1  for  a 
function  of  four  variables  requires  that  the  function’s  TT  values  have  an  equal  number  of 
Is  for  each  subset  of  eight  bits  for  the  four  required  tests.  One  such  test  divides  the 
function  into  a  set  of  the  first  eight  bits  and  a  set  of  the  second  eight  bits.  Any  function 
whose  decimal  value  is  less  than  or  equal  to  255  will  not  have  a  1  in  the  first  eight  bits. 
Therefore,  that  function  will  fail  at  least  one  test  for  a  correlation  immunity  of  1  which 
results  in  a  correlation  immunity  of  0,  with  the  exception  of  the  zero  function.  The  test 

size  can  be  reduced  by  22  11 .  In  fact,  in  the  case  of  functions  of  four  variables,  the  first 
function  with  correlation  immunity  of  1  does  not  occur  until  close  to  the  functions  whose 
decimal  value  is  400.  By  finding  more  trends,  the  test  size  can  be  further  reduced. 
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D. 


SUMMARY 


Definitions  for  terms  used  throughout  this  thesis  which  included  descriptions  of 
important  characteristics  for  combiner  functions  used  in  cryptosystems  were  provided  in 
this  thesis.  Testing  for  the  correlation  immunity  was  discussed.  The  implementation  of 
the  circuit  used  to  find  the  correlation  immunity  of  a  function  is  covered  in  the  next 
chapter. 
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III.  IMPLEMENTATION 


A.  SRC-6  CIRCUIT 


A  circuit  was  created  to  compute  the  correlation  immunity  of  a  function  of  n 
variables.  The  block  form  is  shown  in  Figure  4. 


Correlation 

Immunity 


Figure  4.  Circuit  for  computing  the  correlation  immunity  of  a  function. 

This  circuit  was  built  using  the  Verilog  programming  language  and  executed  on 
the  SRC-6  rcconfigurablc  computer.  The  SRC-6  uses  the  Xilinx  Vertex2  Pro  FPGA.  The 
circuit  takes  a  function  of  size  2"  and  tests  that  function  for  correlation  immunity  1 
through  n  simultaneously.  The  priority  encoder  receives  a  one-bit  signal  from  each  test 
block  and  outputs  the  correlation  immunity  of  the  function.  A  more  thorough  look  at  the 
test  blocks  is  included  in  the  following  section. 

B.  CIRCUIT  COMPONENTS 

The  circuit  shown  below  is  used  to  test  whether  a  function  passes  a  test  for 
correlation  immunity  k. 
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Figure  5.  Block  diagram  of  the  components  used  to  test  a  function  of  n  variables  for 

correlation  immunity  k. 


1.  Test  for  K  Blocks 

a.  Combination  Counter 

The  combination  counter  enumerates  all  values  for  C(n,k)  combinations. 
This  block  supplies  an  index  to  the  constant  weight  convertor.  The  range  of  the 
combination  counter  is  based  on  the  combinatorial  number  system.  In  a  C(n,k) 
combinatorial  number  system,  integer  N<C(n,k)  is  represented  as  N=ckck-l...cl,  where 
N  =  C(ck,k)  +  C(ck_l,k- 1)  + . . .  +  C(q ,  1) ^such  that  ck>ck_ i > . .  >o  [ 1 0] . 

Example:  The  representation  of  numbers  in  the  C(6,3)  combinatorial 
number  system  where  0<N<19  is  shown  in  Table  4.  Each  value  for  N  can  be  transformed 
into  a  binary  constant  weight  codeword  with  k  Is  using  the  definition  above.  The  twenty 
different  values  of  N  correspond  to  every  possible  way  to  distribute  k  ones  over  n 
different  positions. 
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Table  4.  The  C(6,3 )  combinatorial  number  system  for  0<N<19  from  [10] 


N 

Ci,c2,c3  for  k=  3 

Constant  Weight 

Codeword 

19 

543 

111000 

18 

542 

110100 

17 

541 

110010 

16 

540 

110001 

15 

532 

101100 

14 

531 

101010 

13 

530 

101001 

12 

521 

100110 

11 

520 

100101 

10 

510 

100011 

9 

432 

011100 

8 

431 

011010 

7 

430 

011001 

6 

421 

010110 

5 

420 

010101 

4 

410 

010011 

3 

321 

001110 

2 

320 

001101 

1 

310 

001011 

0 

210 

000111 

b.  Index  to  Constant  Weight  Convertor 

For  each  value  from  the  combination  counter,  the  constant  weight 
convertor  produces  a  binary  output  of  size  n  with  k  ones  and  (n-k)  zeros.  The  circuit  for 
an  index  to  constant  weight  converter  for  n= 6  and  k=3  is  shown  in  Figure  6. 


Index 


Figure  6. 


Example  of  a  constant  weight  codeword  generator  circuit  from  [10]. 


This  circuit  is  made  up  of  a  cascade  of  k  lookup  tables  (LUTs).  At  the  first 
stage,  the  index  value  is  compared  to  n-k+1  values  to  determine  the  position  of  the  first  1 
in  the  constant  weight  codeword.  This  1  could  be  placed  in  the  first  through  the  fourth 
position  in  the  example  shown.  In  order  for  a  1  to  be  placed  in  the  first  position,  the  index 
must  be  greater  than  or  equal  to  C(n-l,k).  If  the  index  is  not  greater  than  or  equal  to  C(n- 
l,k),  it  must  be  greater  than  or  equal  to  C(n-2,k)  to  be  placed  in  the  second  position.  This 
process  continues  n-k+1  times.  The  final  comparison  will  be  between  the  index  and  the 
value  of  C(k-l,k),  which  is  zero.  A  1  will  be  placed  in  the  constant  weight  codeword  at 
the  highest  possible  position  based  on  the  comparisons.  The  highest  value  of  the 
comparisons  passed  will  be  subtracted  from  the  index  value  and  that  value  will  be  used  in 
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the  next  LUT  to  determine  the  placement  of  the  next  1  in  the  constant  weight  codeword. 
At  the  end  of  the  k  LUTs,  the  index  value  will  be  0  and  a  constant  weight  codeword  with 
k  Is  will  be  output. 

The  Is  in  the  output  represent  the  selected  variables  for  the  test  for  correlation 
immunity  k.  In  order  for  a  function  to  have  correlation  immunity  k,  the  function  must 
have  the  same  number  of  Is  in  each  subset  for  all  combinations  of  k  variables.  Each  index 
provides  a  different  way  to  select  k  variables.  Then  all  possible  values  of  the  chosen 
variables  are  enumerated  in  the  variable  distributor. 

c.  Variable  Distributor 

The  variable  distributor  assigns  a  binary  value  of  n  bits  that  represent  an 
entry  in  the  function’s  TT.  A  variable  distributor  is  needed  for  each  value  of  the  two 
counters.  Counter  1  counts  from  zero  to  2k- 1.  This  enumerates  all  possible  binary 
combinations  of  the  k  Is  in  the  constant  codeword.  For  example,  for  n=6  and  k=3,  the 
counter  ranges  from  000  to  111.  These  values  are  placed  in  order  from  most  significant 
to  least  significant  bit  in  the  position  corresponding  to  a  1  in  the  constant  weight 
codeword.  This  divides  the  2n  TT  entries  into  k  subsets.  Counter  2  counts  from  zero  to 
(2n-k-l).  For  each  subset  created  by  counter  1,  counter  2  enumerates  all  possible 
combinations  for  the  other  n-k  positions.  These  positions  are  represented  by  0  in  the 
constant  weight  codeword.  For  each  value  of  counter  1,  counter  2  will  cycle  through 
completely.  Each  time  this  occurs,  one  of  the  2k  subsets  is  created.  The  values  of  each 
combination  from  the  counter  are  sent  to  the  multiplexor  (MUX). 

d.  Multiplexor 

For  each  multiplexor  (MUX)  value,  the  variable  distributor  outputs  an  n 
bit  value  that  is  then  applied  to  an  n  x  2n  MUX  that  selects  the  corresponding  TT  table 
value  of  the  function  under  test  (FUT). 
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e.  Adder 

Once  counter  2  enumerates  all  values,  the  weight  of  the  subset  is 
calculated  and  then  compared  to  the  number  of  Is  for  subset  created  by  each  enumeration 
of  counter  1.  If  the  number  of  Is  is  the  same  for  all  subsets,  the  test  is  passed  for  that 
combination  counter  value  and  the  combination  counter  is  then  incremented  and  the 
process  is  continued.  If  all  tests  are  passed  for  that  value  of  k,  a  1  is  set  to  the  priority 
encoder. 

2.  Priority  Encoder 

The  priority  encoder  examines  the  elements  of  a  vector  of  length  (n+l)  which 
contains  a  1  in  the  position  corresponding  to  the  value  of  k  that  the  function  passed  all  the 
tests  for  correlation  immunity  k.  The  priority  encoder  selects  the  position  of  the  highest  1 
in  the  vector  and  returns  the  position  value  as  the  correlation  immunity  of  the  function. 

C.  PC  CIRCUIT 

The  circuit  shown  in  Figure  7  was  implemented  in  C.  It  was  run  on  an  Intel  Xeon 
processor  using  a  conventional  compiler.  This  C  code  was  also  run  on  the  SRC-6 ’s  Xilinx 
Virtex2  Pro  FPGA.  The  SRC-6 ’s  compiler  can  convert  C  code  to  Verilog,  which  creates  a 
circuit  on  the  FPGA.  Normally,  the  C  code  run  on  the  FPGA  is  simple  code  used  to 
support  the  computation  intensive  Verilog  code  that  runs  on  the  FPGA.  This  experiment 
served  to  improve  understanding  of  whether  computation  intensive  C  code  could  be 
effectively  compiled  into  Verilog  code. 
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Figure  7.  Process  for  computing  the  correlation  immunity  of  a  function  using  the 

pc 

This  circuit  is  similar  to  the  circuit  discussed  in  Chapter  III. A  except  once  a 
function  fails  a  test  for  correlation  immunity  it  is  removed.  The  tests  for  k  blocks  are 
implemented  in  the  same  manner  and  will  not  be  discussed  further.  This  circuit  takes 
advantage  of  the  fact  that  most  Boolean  functions  have  a  correlation  immunity  of  0.  With 
this  technique,  no  unnecessary  tests  are  performed.  The  disadvantage  is  the  tests  are  not 
performed  in  parallel,  which  causes  a  larger  delay  for  functions  that  pass  more  tests.  Both 
the  SRC-6  and  the  Intel  Xeon  processor  were  less  efficient  at  executing  this  code  than  the 
circuit  shown  in  Figure  1.  These  results  are  shown  in  Chapter  IV.B.2  of  this  thesis.  The 
code  is  included  in  Appendix  B. 

D.  SUMMARY 

The  circuit  block  diagrams  for  the  circuit  used  to  test  a  function  for  correlation 
immunity  written  in  both  Verilog  and  C  programming  language  were  provided.  The 
blocks  were  discussed  in  detail  to  explain  the  method  used  to  find  the  correlation 
immunity. 
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IV.  RESULTS  AND  ANALYSIS 


A.  SRC-6 

1.  Background 

The  SRC-6  recon  figurable  computer  was  used  for  the  data  collection  in  this 
thesis.  The  SRC-6  allows  the  user  more  flexibility  to  achieve  high  performance.  A 
microprocessor  requires  the  user  to  adapt  the  program  to  its  architecture  while  the 
reconfigurable  computer  allows  the  user  to  adapt  the  computer  to  their  program.  By 
choosing  an  efficient  logic  design,  the  user  can  achieve  optimum  performance. 

The  SRC-6  is  composed  of  two  PCs,  each  with  Pentium  IV  processor  and  five 
Multi-Adaptive  Processing  (MAP)  boards.  Each  MAP  contains  three  high  density  Xilinx 
Vertex-2  FPGAs,  two  of  which  can  programmed  and  one  for  control.  The  SRC-6  has 
four  banks  of  common  memory,  8  GB  each. 

Multiple  files  are  required  to  run  a  program  on  the  SRC-6.  Code  can  be  executed 
to  run  on  one  of  the  two  Intel  microprocessors  associated  with  SRC-6  or  on  the  MAP. 
The  file  structure  of  a  typical  project  using  a  user-defined  macro  is  shown  in  Figure  8. 
The  file  main.c  is  written  in  C  code  and  is  run  on  the  Intel  processor.  The  file  main.c  calls 
a  subroutine,  which  is  run  on  the  map.  The  subroutine,  subr.mc,  is  run  on  the  MAP  and  is 
also  written  in  C.  The  subr.mc  file  may  make  a  function  call  to  a  Verilog  macro,  either 
built-in  or  created  by  the  user.  A  makefile  is  used  to  control  computation  and  is  run  on 
the  PC.  The  makefile  will  indicate  whether  a  user-defined  macro  was  used  in  the  project. 
If  a  user  defined  macro  is  included,  then  three  additional  files  are  needed.  A  black  box 
file,  blk.v,  lists  the  inputs  and  outputs  to  the  macro.  An  information  file,  info,  contains  the 
type  of  macro,  length  of  latency  and  additional  code  for  debugging  purposes.  Fastly,  the 
macro  file  itself  is  the  code  used  to  configure  the  FPGAs.  All  three  of  these  files  are 
written  in  Verilog. 
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Figure  8.  Process  for  computing  the  correlation  immunity  of  a  function  using  the 

PC,  from  [3]. 


2.  Speed  Up 

The  FPGAs  on  the  SRC-6  have  a  clock  speed  of  100  MHz,  which  is  much  slower 
than  the  1000-3000  MHz  operating  speed  of  a  PC.  Through  sophisticated  use  of 
parallelism,  even  with  the  much  slower  clock  speed,  the  SRC-6  is  capable  of  processing 
information  at  a  much  higher  speed  than  the  PC. 

In  order  to  find  the  most  efficient  way  to  test  for  the  correlation  immunity  of 
millions  of  functions,  three  different  programs  were  written.  One  program  was  written  in 
C  code  and  executed  on  the  Intel  Xeon  processor  at  2.8  GHz.  The  same  program  was 
placed  in  the  subr.mc  file  and  run  on  the  MAP.  Finally,  a  macro  was  written  to  find  the 
correlation  immunity  of  a  given  function  and  run  on  the  MAP.  The  comparison  of 
computation  time  for  all  functions  of  four  variables  can  be  seen  in  Table  5. 
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Table  5.  Comparison  of  computation  time  for  all  Boolean  functions  of  four  variables. 


FPGA  Compute  Time 
Verilog  Macro 
(@  100  MHz) 

FPGA  Compute  Time 

C  code 

(@  100  MHz) 

PC  compute  Time 

C  code 
m  2.8  GHz) 

655.36psec 

1.2387sec 

190msec 

The  SRC-6  program  written  with  a  user  defined  functional  macro  provided  a 
speed  up  of  almost  300  times  that  of  the  PC.  This  increase  is  due  mostly  to  the  parallel 
processing  ability  of  the  SRC-6,  allowing  it  to  test  a  function  for  all  possible  values  of 
correlation  immunity  in  parallel.  Pipelining  allows  the  next  function  to  start  the  testing 
process  as  soon  as  the  previous  function  completes  the  first  testing  stage.  Once  the  first 
function  completes  the  pipeline,  results  will  be  output  every  clock  cycle.  The  PC  is  not 
able  to  achieve  this  and  each  function  is  processed  completely  before  the  next  function 
begins.  The  number  of  tests  for  a  function  of  n  variables  is  2n-l,  so  when  n  increases  by 
one,  the  number  of  test  doubles.  This  means  as  the  number  of  variables  increase,  the 
speed  up  will  at  least  double.  The  Verilog  program  performed  close  to  1900  times  faster 
than  the  C  code  executed  on  the  MAP.  In  this  case  the  compiler  translated  the  C  code  into 
Verilog  and  the  FPGAs  were  configured  based  on  this  code.  The  results  shown  in  Table  5 
prove  that  using  a  Verilog  macro  can  be  much  more  effective  than  letting  the  compiler 
translate  the  code  itself. 

3.  Limitations 

The  main  limitation  for  the  SRC-6  is  the  speed  of  the  FPGA.  At  100  MHz,  a 
maximum  of  100,000,000  functions  can  be  tested  per  second.  The  time  it  would  take  to 
find  the  correlation  immunity  of  all  functions  at  a  rate  of  one  result  per  clock  period  is 
shown  in  Table  6. 
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Table  6.  Time  to  calculate  the  correlation  immunity  of  all  Boolean  functions. 


n 

#  of  Functions 

Computation  Time  for  All 
Boolean  Functions  @100 
MHz 

2 

16 

0.16  //  sec 

3 

256 

2.56  //  sec 

4 

65536 

655.4  //  sec 

5 

42950  x  109 

42.9  sec 

6 

1.8447  x  1019 

5,849  yrs 

7 

3.4028  x  1038 

1.1  x  1023  yrs 

8 

1.1579  x  1077 

3.7  x  1061  yrs 

9 

1.3408  x  10154 

4.3  x  10138  yrs 

It  can  be  seen  in  Table  6  that  at  this  clock  speed  the  largest  exhaustive  search  that 
can  be  performed  is  for  functions  of  five  variables.  Based  on  this,  finding  smaller  subsets 
that  are  rich  in  functions  with  high  correlation  immunity  is  extremely  important.  A 
Virtex-5  FPGA  runs  at  550  MHz  which  would  speed-up  the  computation  time  by  5.5. 
However,  even  at  this  speed,  an  exhaustive  search  for  all  functions  of  six  variables  is  not 
feasible. 
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Another  limitation  is  the  hardware  space  on  the  FPGA.  The  circuit  grows  larger  as 
n  increases  and  will  at  some  point  no  longer  fit  on  the  FPGA.  At  this  point,  the  circuit 
could  use  an  additional  FPGA.  For  this  thesis  work,  only  one  FPGA  was  needed. 

B.  ANALYSIS 

1.  Balanced  Functions 

A  C  code  program  was  written  in  the  main.c  file  to  create  the  set  of  balanced 
functions.  This  program  used  an  index  to  constant  weight  convertor  to  distribute  the  272 
Is  in  all  possible  variations  of  positions  over  the  n  variables.  The  set  of  balanced 
functions  were  then  sent  in  a  function  call  to  the  subr.mc  file  to  find  the  correlation 
immunity  of  each  function.  The  code  is  included  in  Appendix  A. 

a.  Correlation  Immunity  for  Balanced  Functions  for  n=4 

There  are  C(16,8)  balanced  functions  for  n=4,  which  is  a  much  smaller 
space  than  all  Boolean  functions  for  n=4.  In  order  for  a  function  to  have  a  correlation 
immunity  of  (n-1),  the  function  must  be  balanced.  The  distribution  of  correlation 
immunity  of  balanced  functions  compared  to  the  distribution  of  correlation  immunity  for 
all  functions  of  four  variables  is  shown  in  Table  7.  The  two  functions  of  four  variables 
with  correlation  immunity  3  are  included  in  this  set.  The  subset  also  contains  all  of  the 
functions  of  four  variables  with  correlation  immunity  2.  The  testing  resulted  in  finding 
two  3-resilient  functions,  eight  2-resilient  functions,  and  212  1-resilient  functions. 


Table  7.  Distribution  of  correlation  immunity  for  all  balanced  functions  compared  to  that 

of  all  Boolean  functions  of  four  variables. 


Correlation  Immunity 

0 

1 

2 

3 

4 

All  Boolean  Functions 

64,888 

636 

8 

2 

2 

All  Balanced  Functions 

12,648 

212 

8 

2 

0 
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b.  Correlation  Immunity  for  Balanced  Functions  for  n=5 

There  C(32,16)  balanced  functions  for  n=5,  which  is  slightly  over 
600,000,000  functions.  While  the  SRC-6  can  compute  a  set  of  this  size  in  six  seconds,  the 
code  to  create  balanced  functions  is  more  complicated  for  five  variables.  By  reducing  the 
size  of  the  subset,  to  include  only  functions  that  are  balanced  over  the  first  sixteen  bits 
and  the  last  sixteen  bits,  the  code  was  significantly  less  complex.  This  reduction  did  not 
eliminate  any  functions  with  correlation  immunity  greater  than  0.  According  to  the 
definition  of  the  test  for  k=l,  this  smaller  subset  contains  all  of  the  functions  with 
correlation  immunity  1  or  greater.  Therefore,  all  balanced  functions  with  correlation 
immunity  greater  than  or  equal  to  1  can  be  found  by  testing  this  smaller  subset.  The 
distribution  of  correlation  immunity  for  balanced  functions  compared  to  the  distribution 
of  correlation  immunity  for  all  functions  of  five  variables  is  shown  in  Table  8.  Like  the 
results  for  n  =  4 ,  the  two  functions  with  correlation  immunity  n- 1  are  in  the  set  of 
balanced  functions.  Also,  the  ten  functions  with  correlation  immunity  n-2  are  in  the 
subset  of  balanced  functions.  This  set  also  contains  a  much  higher  percentage  of 
functions  with  correlation  immunity  1  and  2  than  the  set  of  all  Boolean  functions.  The 
testing  resulted  in  finding  two  4-resilient  functions,  ten  3-resilient  functions,  540  2- 
resilient  functions  and  807,428  1 -resilient  functions. 


Table  8.  Distribution  of  correlation  immunity  for  all  balanced  functions  compared  to  that 

of  all  Boolean  functions  of  five  variables. 


Correlation  Immunity 

0 

1 

2 

3 

4 

5 

All  Boolean  Functions 

4,291,827,234 

3,139,004 

1044 

10 

2 

2 

Balanced  Functions 
subset 

164,828,920 

807,428 

540 

10 

2 

0 
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2. 


Rotation  Symmetric  Functions 


Rotation  symmetric  functions  are  a  very  small  subset  of  all  functions  that  has 
been  shown  to  contain  functions  that  are  rich  in  good  cryptographic  properties  [9],  C 
code  was  written  in  the  main.c  tile  to  create  the  set  of  rotation  symmetric  functions.  This 
was  accomplished  by  creating  different  sets  called  orbits,  each  made  up  of  one  cyclic 
rotation  of  n  bits.  The  value  of  all  TT  entries  for  each  orbit  may  either  be  set  to  1  or  0. 
The  set  of  rotation  symmetric  functions  is  made  up  of  all  possible  combinations  of  these 
orbits  being  set  to  1  or  0.  An  index  to  constant  weight  convertor  was  used  to  set  the 
different  values  of  each  orbit  to  1  or  0  for  all  possible  combinations  of  the  sets.  The 
program  first  selected  zero  orbits  to  create  the  zero  function,  then  selected  all  possible 
ways  to  choose  one  orbit  to  create  n  more  functions,  then  all  possible  ways  to  choose  two 
orbits  to  create  C(n, 2)  more  functions,  and  continued  until  all  orbits  were  set  to  1.  The 
set  of  rotation  symmetric  functions  were  then  sent  in  a  function  call  to  the  subr.mc  tile  to 
find  the  correlation  immunity  of  each  function.  The  code  is  included  in  Appendix  A. 

a.  Correlation  Immunity  for  Rotation  Symmetric  Functions  for  n=4 

For  n=4,  there  are  26  rotation  symmetric  functions  [13].  This  set  contains 
both  of  functions  with  correlation  immunity  n— 1,  but  none  of  the  functions  for  n-2.  The 
set  does  contain  a  higher  percentage  of  functions  with  correlation  immunity  1  compared 
to  the  sample  size  than  the  set  of  all  functions.  The  distribution  of  correlation  immunity 
of  all  Boolean  functions  compared  to  the  distribution  of  correlation  immunity  of  rotation 
symmetric  functions  is  shown  in  Table  9. 


Table  9.  Distribution  of  correlation  immunity  for  all  rotation  symmetric  functions 
compared  to  that  of  all  Boolean  functions  of  four  variables. 


Correlation  Immunity 

0 

1 

2 

3 

4 

All  Boolean  Functions 

64,888 

636 

8 

2 

2 

All  Rotation  Symmetric 
Functions 

48 

12 

0 

2 

2 
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b.  Correlation  Immunity  for  Rotation  Symmetric  Functions  for  n=5 

For  n=5,  there  are  28  rotation  symmetric  functions  which  account  for 

5.9x10  %  0f  an  Boolean  functions  of  five  variables.  As  in  the  results  for  n=4,  this  set 
contains  both  of  the  functions  for  correlation  immunity  n-1,  but  none  of  the  functions  for 
n-2.  This  set  contains  a  much  high  percentage  of  functions  for  correlation  immunity  1 
and  2  than  the  set  of  all  Boolean  functions. 


Table  10.  Distribution  of  correlation  immunity  for  all  rotation  symmetric  functions 
compared  to  that  of  all  Boolean  functions  of  four  variables. 


Correlation 

Immunity 

0 

1 

2 

3 

4 

5 

All  Boolean 
Functions 

4,291,827,234 

3,139,004 

1044 

10 

2 

2 

All  Rotation 
Symmetric 
Functions 

214 

34 

4 

0 

2 

2 

3.  Nonlinearity 

A  macro  to  find  the  nonlinearity  from  [3]  was  combined  with  the  macro  to  find 
the  correlation  immunity  to  find  both  properties  of  each  function.  This  code  is  included  in 
Appendix  A.  Since  the  pipeline  was  longer  for  the  nonlinearity  circuit  than  the  correlation 
immunity  circuit,  a  delay  module  was  added  to  the  correlation  immunity  circuitry. 
ModelSim™  was  used  to  determine  the  number  of  times  the  delay  module  would  need  to 
be  called  to  have  equal  pipelines  for  each  circuit.  The  resulting  program  output  the 
correlation  immunity  and  nonlinearity  of  a  Boolean  function  every  clock  cycle.  To  verify 
the  results,  the  C  program  written  to  find  the  correlation  immunity  was  executed  with  the 
Verilog  macro  for  nonlinearity.  The  circuitry  was  then  used  to  test  for  the  nonlinearity  of 
all  functions  of  a  given  correlation  immunity.  This  circuit  produced  the  same  results. 
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a.  Correlation  Immunity  and  Nonlinearity  for  All  Boolean 
Functions  for  n=4 

The  Distribution  of  all  Boolean  functions  of  four  variables  by  correlation 
immunity  and  nonlinearity  is  shown  in  Table  11.  It  can  be  seen  that  the  highest 
combination  of  correlation  immunity  and  nonlinearity  is  a  correlation  immunity  1  and 
nonlinearity  of  4.  All  of  the  bent  functions  have  correlation  immunity  0. 


Table  1 1 .  Distribution  of  all  Boolean  functions  of  four  variables  by  correlation  immunity 

and  nonlinearity. 


Nonlinearity/Correlation 

Immunity 

0 

1 

2 

3 

4 

5 

0 

8 

12 

8 

2 

2 

32 

1 

512 

0 

0 

0 

0 

512 

2 

3712 

128 

0 

0 

0 

3840 

3 

17920 

0 

0 

0 

0 

17,920 

4 

27504 

496 

0 

0 

0 

28,000 

5 

14336 

0 

0 

0 

0 

14,336 

6 

896 

0 

0 

0 

0 

896 

Total 

64,888 

636 

8 

2 

2 

65,536 

b.  Correlation  Immunity  and  Nonlinearity  for  All  Boolean 
Functions  for  n=5 

The  distribution  of  Boolean  functions  of  five  variables  by  correlation 
immunity  is  shown  in  Table  12.  For  functions  with  five  variables  the  highest  nonlinearity 
is  12.  Based  on  the  results,  the  highest  combination  of  correlation  immunity  and 
nonlinearity  that  can  be  achieved  for  a  function  of  five  variables  is  a  nonlinearity  of  12 
and  a  correlation  immunity  of  2.  There  are  384  functions  that  meet  these  criteria. 
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Table  12.  Distribution  of  Boolean  functions  of  five  variables  by  correlation  immunity  and 

nonlinearity. 


N  onlinearity/correlation 
Immunity 

0 

1 

2 

3 

4 

5 

6 

0 

10 

20 

20 

10 

2 

2 

64 

1 

2,048 

0 

0 

0 

0 

0 

2,048 

2 

31,232 

512 

0 

0 

0 

0 

31,744 

3 

317,440 

0 

0 

0 

0 

0 

317,440 

4 

2,278,400 

23,040 

0 

0 

0 

0 

2,301,440 

5 

12,888,064 

0 

0 

0 

0 

0 

12,888,064 

6 

57,873,920 

122,368 

0 

0 

0 

0 

57,996,288 

7 

215,414,784 

0 

0 

0 

0 

0 

215,414,784 

8 

645,867,160 

1,799,080 

640 

0 

0 

0 

647,666,880 

9 

1,362,452,480 

0 

0 

0 

0 

0 

1,362,452,480 

10 

1,411,209,216 

890,880 

0 

0 

0 

0 

1,412,100,096 

11 

556,408,832 

0 

0 

0 

0 

0 

556,408,832 

12 

27,083,648 

303,104 

384 

0 

0 

0 

27,387,136 

Total 

4,291,827,234 

3,139,004 

1044 

10 

2 

2 

4,294,967,296 

4.  Correlation  Immunity  for  Functions  of  Six  Variables 

The  correlation  immunity  of  a  random  sampling  of  216  functions  of  six  variables 
was  found.  The  SRC-6  has  a  built  in  macro  that  provides  a  random  number  generator. 
This  random  number  generator  was  used  to  create  two  32  bit  numbers  that  were 
combined  to  create  the  TT  value  of  a  function  of  six  variables.  The  distribution  of  the 
correlation  immunity  for  the  random  sampling  of  functions  of  six  variables  is  shown  in 
Table  13.  Even  with  the  large  sample  size,  no  functions  of  correlation  immunity  greater 
than  one  were  found. 
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Table  13.  Distribution  of  a  random  subset  of  Boolean  functions  of  six  variables  by 

correlation  immunity. 


Correlation 

Immunity 

0 

1 

2 

3 

4 

5 

6 

216  Boolean 
Functions  of  Six 
Variables 

4,294,850,145 

117,151 

0 

0 

0 

0 

0 
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V.  CONCLUSION  AND  RECOMMENDATIONS 


A.  CONCLUSIONS 

In  this  thesis,  it  was  shown  that  there  is  a  significant  benefit  to  using  the  SRC-6 
reconfigurable  computer  to  test  high  numbers  of  Boolean  functions  for  correlation 
immunity.  It  was  shown  that  a  well-written  Verilog  macro  can  be  more  effective  than 
allowing  the  compiler  to  translate  C  code  into  Verilog  on  the  SRC-6.  Even  with  the 
speed-up  achieved  by  using  the  SRC-6,  functions  of  more  than  five  variables  cannot  be 
exhaustively  tested  using  current  technology. 

To  reduce  the  number  of  functions  that  need  to  be  tested  to  find  functions  with 
good  correlation  immunity,  the  subsets  of  balanced  functions  and  rotation  symmetric 
functions  were  examined  and  smaller  sample  sets  with  functions  of  high  correlation 
immunity  were  discovered.  The  characteristics  of  functions  with  higher  correlation 
immunity  were  examined  to  find  properties  to  reduce  the  function  space  to  be  tested.  The 
nonlinearity  and  correlation  immunity  of  all  functions  of  four  and  five  variables  were 
examined  to  find  functions  with  the  highest  possible  degree  of  both  properties. 

B.  RECOMMENDATIONS 

1.  Circular  Pipeline 

A  circular  pipeline  was  developed  in  another  thesis  [12]  at  the  Naval  Postgraduate 
School  for  finding  functions  with  the  highest  nonlinearity,  i.e.,  bent  functions.  In  order  to 
find  a  bent  function,  prior  to  the  creation  of  the  circular  pipeline,  each  function  was  tested 
against  all  affine  functions  in  parallel.  The  Hamming  weight  was  then  calculated  for  each 
test,  and  the  minimum  was  detennined.  This  value  is  the  function’s  nonlinearity.  The 
functions  with  the  highest  weights  are  called  bent  functions.  Most  functions  do  not  have  a 
single  bent  weight  and  only  need  to  be  tested  against  one  affine  function.  A  speed  up  of 
55  was  achieved  by  using  a  circular  pipeline  that  removed  a  function  once  a  test  did  not 
result  in  a  bent  weight.  This  work  could  be  expanded  on  to  create  a  circular  pipeline  for 
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correlation  immunity.  The  number  of  tests  passed  by  all  functions  for  correlation 
immunity  of  1  for  n= 4  is  shown  in  Figure  9.  Most  functions  do  not  even  pass  the  first 
test.  A  circular  pipeline  would  allow  the  function  to  be  removed  from  the  pipeline  once  it 
fails  one  test. 
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Figure  9.  Number  of  test  passed  for  all  functions  of  four  variables  for  correlation 

immunity  1. 
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2.  Other  Cryptographic  Properties 

This  is  the  second  time  the  SRC-6  at  the  Naval  Postgraduate  School  was  able  to 
achieve  a  significant  speed-up  testing  functions  for  cryptographic  properties.  A  speed-up 
of  60,000  times  was  realized  using  the  SRC-6  to  test  for  the  nonlinearity  of  Boolean 
functions  [2].  By  combining  the  code  written  to  find  the  nonlinearity  and  the  correlation 
immunity,  functions  were  able  to  be  evaluated  for  both  properties.  If  more  work  could  be 
done  for  other  properties,  such  as  algebraic  immunity,  Boolean  functions  could  be 
evaluated  for  all  properties  in  parallel.  This  could  result  in  finding  functions  that 
contained  the  highest  degree  of  desired  characteristics  and  help  to  find  the  best  trade-off. 
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3.  Finding  Smaller  Test  Sets 


In  order  to  feasibly  test  all  functions  for  n=6  in  a  reasonable  time  period,  the 
clock  speed  would  have  to  be  several  thousand  times  faster.  Since  that  may  never  be 
technically  possible,  another  solution  must  to  be  found.  By  only  looking  at  balanced 
functions  or  rotation  symmetric  functions,  a  high  percentage  of  functions  with  high 
correlation  immunity  can  be  found.  By  examining  the  properties  of  functions  with  high 
correlation  immunity,  we  can  discover  additional  subsets  that  contain  high  numbers  of 
functions  with  high  correlation  immunity. 

4.  Additional  FPGAs 

For  this  thesis,  only  one  FPGA  was  used.  Each  MAP  in  the  SRC-6  has  three 
FPGAs,  two  of  which  are  available  for  programming.  The  only  obstacle  when  using  two 
FPGAs  is  that  the  bus  between  the  two  only  allows  one  64-bit  value  to  be  passed  at  one 
time.  One  way  to  avoid  the  problem  is  to  not  require  communication  between  the  two 
FPGAs  and  have  both  FPGAs  implemented  to  find  the  correlation  immunity  of  a 
function.  This  way,  two  functions  could  be  tested  per  clock  rather  than  one. 
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APPENDIX  A.  SRC-6  CODE 


The  following  code  was  used  to  calculate  the  correlation  immunity  for  the  set  of 
all  Boolean  functions,  rotation  symmetric  functions  and  balanced  functions  as  well  as 
determining  the  nonlinearity  and  correlation  immunity  of  all  Boolean  functions.  Only  one 
makefile  is  included  in  the  Appendix  because  it  is  the  same  for  every  program.  The 
main.c  and  subr.mc  are  the  only  files  listed  for  the  rotation  symmetric  and  balanced 
programs.  These  programs  used  the  blk.v,  info  and  corr  imm.v  files  for  four  and  five 
variables  listed  in  Section  A  and  Section  B. 

A.  CORRELATION  IMMUNITY  FOR  N=4 

1.  main.c 

/******************************************************************/ 


/*  main.c  -a  c  program  designed  to  run  a  SRC6  implentaion  of  */ 
/*  corr_imm.v  */ 
/*  */ 
/*  Authur:  Carole  Etherington  */ 
/*  Last  Modified:  04Nov2010  */ 
/*  */ 
/*  Description:  This  file  creates  every  possible  16  bit  */ 
/*  binary  number  then  calls  a  subroutine  that  returns  */ 
/*  the  corrleation  */ 
/*  immunity  of  that  function.  */ 


/******************************************************************/ 
#include  <map.h> 

#include  <stdlib.h> 

void  subr  (int64  t*,  int64  t*,  int64  t*,  int) ; 
int  main ( ) 

{  FILE  * res  map, *res  cpu; 

int  mapnum=0; 
int  n=4; 
int64_t  i; 
int64  t  time  elk; 
int64  t  *x,  *ci; 
int  count  [  5 ] ; 

x  =  (int64_t  *)  malloc  (65536*  sizeof (int64_t) ) ; 
ci  =  (int64_t  *)  malloc  (65536*  sizeof(int64_t)); 

for (i=0; i<size; i++) 

{x [i] =i; 
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c  i  [  i  ]  =  0 ;  } 


map_allocate  ( 1 ) ; 
subr (x, ci , &time  clk,mapnum); 
printf("%lld  clocks\n" , time  elk); 
for (i=0; i<=n; i++) 

{ count [ i ] =0 ; } 
for (i=0; i<size; i++) 

{ switch (ci  [i] ) 

{case  0:  count [ 0 ] =count [ 0 ] +1 ; 
break; 

case  1:  count [ 1 ] =count [ 1 ] +1 ; 
break; 

case  2:  count [2 ] =count  [2 ] +1 ; 
break; 

case  3:  count [ 3 ] =count [ 3 ] +1 ; 
break; 

case  4:  count [ 4 ] =count [ 4 ] +1 ; 

break; 

default : 

break; 

}  } 


printf("the  number  of 
immunity  zero  is  %lld\n" , count [0] ) ; 

printf("the  number  of 
immunity  one  is  %lld\n" , count [ 1 ]) ; 

printf("the  number  of 
immunity  two  is  %lld\n" , count [2] ) ; 

printf("the  number  of 
immunity  three  is  %lld\n" , count [3] ) ; 

printf("the  number  of 
immunity  four  is  %lld\n" , count [ 4 ] ) ; 


functions  with 
functions  with 
functions  with 
functions  with 
functions  with 


correlation 

correlation 

correlation 

correlation 

correlation 


map_f ree ( 1 ) ; 
exit  ( 0 ) ; 


} 


2.  subr.mc 


/*******************************************************************/ 
/*  subr.mc  -MAP  subroutine  to  find  the  correlation  immunity  of  */ 

/*  all  four  variable  functions.  */ 

/*  */ 

/*  Author:  Carole  Etherington  */ 

/*  Last  modified:  November  4,  2010  */ 

/*  */ 

/*  Description:  This  program  calls  the  macro  my_operator  */ 

/*  that  finds  the  correlation  immunity  of  a  given  function*/ 

/*  and  returns  the  correlation  immunity  of  the  function  */ 

/*  to  the  program  main.c.  */ 

/*  */ 

/*******************************************************************/ 
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#include  <libmap.h> 

void  subr  (int64  t  x[],  int64  t  ci[],  int64  t  *time,  int  mapnum) 

{ 

OBM_BANK_A(X,  int64_t,  65536) 

OBM_BANK_B (Cl,  int64_t, 65536) 
int64_t  tO,tl; 
int  i; 

int64  t  myin; 
int8_t  myout; 

DMA_CPU (CM20BM,  X, 

MAP_OBM_stripe (1, "A") , x, 1, 65536*sizeof (int64_t) , 0) ; 
wait  DMA ( 0 ) ; 

read_timer ( &t0 ) ; 

for (i=0; i<65536; i++) 

{myin=X [ i ] ; 

my_operator (myin,  Smyout) ; 

Cl [i] =myout; 

} 

read_timer ( &tl ) ; 

*time= (tl-tO) ; 

DMA_CPU (OBM2CM, Cl , MAP_OBM_stripe (1, "B") , ci, 1, 65536*sizeof (int64_t) , 0) 
wait  DMA ( 0 ) ; 

} 


3.  makefile 

#  $Id:  Makefile . template, v  1.13  2005/04/12  19:18:30  jls  Exp  $ 

# 

#  Copyright  2003  SRC  Computers,  Inc.  All  Rights  Reserved. 

# 

#  Manufactured  in  the  United  States  of  America. 

# 

#  SRC  Computers,  Inc. 

#  4240  N  Nevada  Avenue 

#  Colorado  Springs,  CO  80907 

#  (v)  (719)  262-0213 

#  (f)  (719)  262-0223 

# 

#  No  permission  has  been  granted  to  distribute  this  software 

#  without  the  express  permission  of  SRC  Computers,  Inc. 

# 

#  This  program  is  distributed  WITHOUT  ANY  WARRANTY  OF  ANY  KIND. 

# 

#  - 

#  - 

#  User  defines  FILES,  MAPFILES,  and  BIN  here 
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# - 

FILES 

MAPFILES 

BIN 


main . c 

subr .me 
main 


# - 

#  Multi  chip  info  provided  here 

#  (Leave  commented  out  if  not  used) 

#  - 

#PRIMARY  =  <primary  file  1>  <primary  file  2> 

#SECONDARY  =  <secondary  file  1>  <secondary  file  2> 

#CHIP2  =  <file  to  compile  to  user  chip  2> 


# 


#  User  defined  directory  of  code  routines 

#  that  are  to  be  inlined 

#  - 

#INLINEDIR 

# - 

#  User  defined  macros  info  supplied  here 

# 

#  (Leave  commented  out  if  not  used) 

#  - 


MACROS 
MY^BLKBOX 
MY_NGO_DIR 
MY  INFO 


# 


=  my  macro/corr  imm.v 
=  my  macro/blk.v 
=  my  macro 
=  my  macro/info 


#  Floating  point  macros  selection 

#  - 

#FPMODE  =  SRC_IEEE_V1  #  Default  SRC  version  IEEE 

#FPMODE  =  SRC  IEEE  V2  #  Size  reduced  SRC  IEEE  with 


#  special  rounding  mode 

#  - 

#  User  supplied  MCC  and  MFTN  flags 

#  - 


MCCFLAGS  =  -v 

MFTNFLAGS  =  -v 

# - 

#  User  supplied  flags  for  C  &  Fortran  compilers 

#  - 


cc 

=  gcc 

# 

icc 

for  Intel  cc  for  Gnu 

FC 

=  ifort 

# 

ifort 

for  Intel  f77  for  Gnu 

#LD 

C 

#LD 

=  ifort 

nofor  main  #  for  mixed  C  and  Fortran,  main 

=  ifort 

# 

for  Fortran  or  C/Fortran  mixed,  main  in 

Fortran 

LD 

=  gcc 

# 

for  C 

codes 

MY  CFLAGS 

= 

MY  FFLAGS 

= 

MY  LDFLAGS 

= 

# 

Flags 

to  include  libs  if  needed 

in 


42 


# - 

#  VCS  simulation  settings 

#  (Set  as  needed,  otherwise  just  leave  commented  out) 

#  - 

#USEVCS  =  yes  #  YES  or  yes  to  use  vcs  instead  of  vcsi 

#VCSDUMP  =  yes  #  YES  or  yes  to  generate  vcd+  trace  dump 

# - 

#  MODELSIM  simulation  settings 

#  (Set  as  needed,  otherwise  just  leave  commented  out) 

#  - 

#USEMDL  =  yes  #  YES  or  yes  to  use  modelsim  instead  of 

vcs/vcsi 

#USEMDLGUI  =  yes  #  YES  or  yes  to  use  modelsim  GUI  interface 

#MDLDUMP  =  yes  #  YES  or  yes  to  generate  vcd  trace  dump 

# - 

#  No  modifications  are  required  below 

#  - 

MAKIN  ?=  $ (MC  ROOT) /opt/srcci/comp/lib/AppRules .make 
include  $ (MAKInT 


4.  blk.v 


I : ****************************************************************** 

/*  blk.v  -a  black-box  file  that  specifies  the  input/output  of  * 
/*  corr_imm.v  * 
/*  * 
/*  Authur:  Carole  Etherington  * 
/*  Last  Modified:  04Nov2010  * 
/****************************************************************** 


/ 

/ 

/ 

/ 

/ 

/ 

/ 


module  corr  imm(TT  ext, Cl  ext,CLK); 

input  CLK; 

input [63:0]  TT_ext; 

output [7:0]  CI_ext; 

endmodule 


5.  info 

/******************************************************************/ 
/*  info  -  This  file  provides  information  on  the  latency,  inputs,*/ 
/*  outputs  for  the  macro,  type  of  macro  and  output  for  */ 

/*  debugging  purposes  */ 

/*  Authur:  Carole  Etherington  */ 

/*  Last  Modified:  04Nov2010  */ 

/******************************************************************/ 
BEGIN  DEF  "my  operator" 

MACRO=  "corr_imm"; 

STATEFUL  =N07 
EXTERNAL  =NO; 

PIPELINED  =YES  ; 

LATENCY  =2; 

INPUTS=1 : 

I 0=INT  64  BITS  (TT_ext [63 : 0] ) 


43 


0UTPUTS=1 : 

O0=INT  8  BITS (CI_ext [7 : 0] ) ; 

IN_SIGNAL:  1  BITS  "CLK"="CLOCK" ; 

DEBUG_HEADER  =# 

void  my  operator  dbg(int64  t  TT,  int8  t  *CI  Ptr)  ; 

#;  ~  . “ 

DEBUG_FUNC=# 

void  my  operator  dbg  (int64  t  TT,int8  t  *CI  Ptr) 

{ *CI_Ptr=2 ; } 

#; 


END  DEF 


6.  corr  imm.v 


module  corr  imm  (Cl  ext,  TT  ext,  CLK)  ; 
/*********************************************************************/ 


/* 

/* 

/* 

/* 

/* 

/* 


corr  imm  -Verilog  code  that  accepts  the  truth  table,  TT,  of  an  */ 
n-variable  function  and  produces  the  correlation  */ 

immunity,  C,  of  that  function.  */ 

Created:  October  8,  2010  */ 

Last  Modified:  November  4,  2010  */ 

Author:  C.  Etherington  and  J.  T.  Butler  */ 

/ 


/******************************************************************** 


parameter  n  = 
localparam  N  = 
localparam  m  = 
wire  [N-l : 0] 
input  [63:0] 
input 

wire  [m-1 : 0] 
output  [7:0] 
wire  [n:0] 
least  i. 
genvar  i ; 


4;  //  n  =  number  of  variables 

2  *  *  n ; 

clogb2 (n) ;  //  m  =  number  of  bits  to  represent  n. 

TT;  //  The  truth  table  of  the  given  function. 

TT_ext; 

CLK; 

Cl;  //  C  can  be  as  large  as  ceil (log_2 (n) . . 

CI_ext; 

k;  / / k [ i ]  =  1  iff  function  has  cor.  im.  at 


generate 

assign  k[0]=l'bl;  //function  will  always  have  at  least  correlation 
immunity  zero 

assign  TT  =TT_ext [N-l : 0] ; 


for  (i=l;  i<=n;  i  =  i+1)//  Enumerate  i  the  index  of  k  to 

determine  highest  correlation. 

begin :mult  k 

cor_im_i  # ( . n (n) ,  . i  ( i ) )  ul  (k[i],  TT,CLK);  //k[i]=l 

iff  TT  has  cor.  im.  at  least  i. 

end 

endgenerate 


pri  enc  u2  (Cl,  CLK,  k) ; 

assign  CI_ext  =  {  { ( 8-m) { 1 ' bO } } ,  Cl  }; 
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//Constant  function  to  find  the  ceiling  of  log  base  two  of  d 
function  integer  clogb2 (input  integer  d)  ; 
begin 

for (clogb2=0;  d>0;  clogb2  =  clogb2  +  1) 
d  =  d  >>  1; 

end 

endfunction 

endmodule 


modul 

I  -k  -k  -k  -k 

/*  co 
/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/*  *  *  * 


e  cor  im  i  (k  i,  TT,CLK); 

•k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k-k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k-k-k-k-k/ 


rr  imm  1 


Verilog  code  that  accepts  the  truth  table,  TT,  of 
an  n-variable  function  and  produces  k  i=l  iff  the 
function  has  cor.  im.  at  least  i,  where  i  is  a 
parameter.  That  is,  corr  imm  i  is  a  called  from  £ 
generate  for  loop  with  index  i.  corr  imm  i  then 
enumerates  all  combinations  of  i  input  variables 
and  produces  k  i=l  iff  for  all  assignments  of 
values  to  the  i  input  variables  the  function  has 
the  same  number  of  1's  (and  holds  for  all 
combinations) .  This  circuit  consists  of  many 
adders,  which  add  the  number  of  1's  in  portions 
of  the  truth  table  of  the  function.  This  circuit 
performs  the  following  sequential  code  for  some 
combination  of  i  variables  indexed  by  comb 
(0  <=  comb  <  C(n,i)). 

October  8,  2010 

Last  Modified:  November  22  18,  2010 
Author:  C.  Etherington  and  J.  T.  Butler 

***************************************************************, 


Created: 


*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 


parameter  n  =  4; 
parameter  i  =  2; 
localparam  N  =  2**n; 
localparam  size=comb  nk(n,i); 


input  [N— 1:0] 

input 

output 

reg 

reg  [n-l:0]  sum 

integer  comb, u, v, cwc; 


TT; 
CLK; 
k_i; 
k_i; 
[64:0]  ; 


//  n  =  the  number  of  variables 


//finds  the  number  of  possible 

//combinations  for  choosing 

//i  variables  from  the  number  of 

//variables  in  the  function 

//  The  truth  table  of  the  given  function 

//  C  can  be  as  large  as  ceil ( log_2 (n) . 


always  @ (posedge  CLK) 

begin 
k  i=l; 

for  (comb=0;  combksize;  comb=comb+l)  //total  number  of  ways  to  pick 

//i  varaibles  from  n 

begin 
if(k  i==l) 
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begin 

cwc=int2cwc (n, i, comb) ; 

for  (u=0;  u<=(2**i-l);  u=u+l)  //ennumerates  the  number  of 

//subfunctions  of  size  i  with 
//different  values 

begin  //Scan  the  2**i  subfunctions. 

sum[u]  =  0;  //stores  number  of  ones  initially  set 

//to  zero 

for(v=0;  v<=2** (n-i) -1;  v=v+l)  //ennumerates  the  possible 

//values  of  n-i  variables 

begin 

sum[u]  =  sum[u]  +  TT [ index (n, i , cwc, u, v) ]; //totals  the 

//number  of  ones  for  each  value  of  u. 
/ /by  finding  the  fuction  value  for  a 
//set  u  and  for  each  value  of  v. 

end 

end 


for  (u=0;  u<2**i-l;  u=u+l) 

begin  //Check  that  all  subfunctions  have  the  same 
if  (sum[u]  !=  sum [u+1 ]) //number  of  Is.  If  not,  set  k  i=0 . 


end 


end 

end 

//Constant  function 

function  integer  index; // Index  to  TT. 


input  integer  n; 
input  integer  i; 
input  integer  cwc; 

input  integer  u; 
input  integer  v; 


//Number  of  variables. 

//Prospective  cor.  im.  (1  <=  i  <=  n) 
//Index  to  i-combination .  comb [0] =5 
/ / comb [2 ] =3  =>  111000 
//Index  to  subfunction  -  0 

//Index  to  minterm  of  subfunction  - 
//2  A (n-i) . 


comb [ 1 ] =4 

<=  u  <  2 Ai . 
0  <=  v  < 


integer  cwc  temp; 

integer  u  idx,  v  idx,  c  idx; 

integer  u  temp,  v  temp; 

integer  temp; 

begin 

u  idx=i-l; 
v  idx=n-i-l; 
index=0 ; 
u_temp=u; 
v  temp=v; 
cwc_temp=cwc ; 


//the  following  loop  finds  the  truth  table  index  given  a  set  u  and  v 
//the  binary  values  of  u  will  be  place  in  the  corresponding  the 
binary  values  of  u  will  be  place 

//in  the  corresponding  binary  one  position  of  the  CWC  and  the 
binary  values  of  v  are  placed  in 

//the  binary  zero  positions  of  the  CWC 
for (c  idx=(n-l);c  idx>=0;c  idx=c  idx-1) 
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//does  the  cwc  have  a  one  in  the 
//c_idx  position 


begin 

if ((cwc  temp-2**c  idx)>=0) 
begin 

cwc  temp=cwc  temp-2 **c  idx; 

if ( (u  temp-2**u  idx)>=0)//if  the  u  binary  value  has  a  one  in 

//the  u  idx  position  then 

begin  //the  index  binary  value  will  have  a 

//one  in  the  cwc_idx  position 

index=index+2**c  idx; 
u  temp=u  temp-2**u  idx; 
end 

u  idx=u  idx-l;//one  less  u  binary  value  to  place  in  index 
/ /value 

end 

else  //if  the  cwc  has  a  zero  in  the  c  idx  position 
begin 

if ( (v  temp-2**v  idx)>=0)//if  the  binary  v  value  has  a  one 

//in  the  v  idx  position 

begin  //then  the  index  value  will  have  a 

//one  in  the  cwc_idx  position 
index=index+2**c  idx; 
v  temp=v  temp-2 **v  idx; 
end 

v  idx=v  idx-1;  //one  less  binary  v  value  to  place 
end 

end 

end 

endfunction 

function  integer  int2cwc ( input  integer  n,  input  integer  i,  input 
integer  comb) ; 

//functions  uses  the  index  value  to  assign  exactly  i  ones  to  a  n  bit 
/ / string 

integer  N,k,comb  temp, temp; 
begin 

N=n-1;//  number  of  positions  to  place  a  one  from  n-1  to  zero 
k=i;  //number  of  ones 
comb  temp=comb; 
int2cwc=0 ; 

while (k>=l//loop  continues  until  all  ones  have  been  placed  in  the 
/ / string 

begin 

temp=comb  nk (N, k) ; 

if (comb  temp-temp>=0 )  //if  comb  is  greater  than  N  choose  k 
begin 

int2cwc=int2cwc+2**N; //  then  place  a  one  in  the  N  position 

comb  temp=comb  temp-temp; 

k=k-l ; //decrease  number  of  ones  to  place 

end 

N=N-1; //decrease  the  number  of  positions  to  place  a  one. 

end 

end 

endfunction 
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function  integer  comb  nk (input  integer  n,  input  integer  k) ; 
integer  k  h, k  l,i; 
begin : f 2 
if (n  <  k) 


comb  nk 
else 
begin 
k  h  =  k  ; 

=  0; 

k_  1  =  n 

-  k; 

if  ( k_l 
begin 

>  k  h) 

k  h  =  n 
k  1  =  k; 
end 

-  k; 

comb  nk 

=  1; 

for(i  = 

n;  i>k  h;  i  = 

i-1) 

comb  nk 

=  comb  nk*i; 

for(i  = 

1;  i<=k  1;  i 

=  i  +  1 

comb  nk 

=  comb  nk/i; 

end 

end 

endfunction 

endmodule 


module  pri  enc  (Cl,  CLK,  k) ; 

/*********************************************************************/ 

/*  pri_enc-Verilog  code  for  a  priority  encoder.  It  examines  elements*/ 
of  vector  k[i],  which  will  be  1  for  1  <=  j  and  0  for  */ 

j+1  <=  n,  in  which  case  the  correlation  immunity.  Cl  is  j*/ 
and  produces  the  correlation  immunity,  C,  of  that 
function . 

Created:  October  8,  2010 

/*  Last  Modified:  October  11,  2010 

/*  Author:  C.  Etherington  and  J.  T.  Butler 

/*********************************************************************/ 

//  n  =  the  number  of  variables 


/* 

/* 

/* 

/* 

/* 


*/ 

*/ 

*/ 

*/ 

*/ 


parameter  n  = 

4; 

localparam  m  = 

clogb2 (n 

input 

CLK; 

input  [n:0] 

k;// 

output  [m-l:0] 

Cl; 

reg  [m-l:0] 

Cl; 

integer 

i=l ; 

always  @ (posedge  CLK) 
begin 

i  =  0; 

//Set 

k [ i ] =1  means  function  has  cor.  im.  at  least  i. 
//  Cl  can  be  as  large  as  ceil (log  2 (n) . 


while  (  (i<=n)  &&  ( k [ i ]  ==  1'bl))  //  0  to  n,  if  k[i]=l. 

/ /k [i+1]  =  0, 

begin: stage  //  set  Cl  to  i. 

i  =  i+1 

end 

Cl  =  i-1 ; 

end 


When 


//Constant  function 


48 


function  integer  clogb2 (input  integer  d)  ; 
begin 

for (clogb2=0;  d>0;  clogb2  =  clogb2  +  1) 
d  =  d  »  1; 

end 

endfunction 

endmodule 


B.  CORRELATION  IMMUNITY  FOR  N=5 


1.  main.c 


/kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk 


/* 

-k 

/*  main. 

.  c  -a  c  program  designed  to  run 

a  SRC6  implentaion  of 

k 

/* 

corr  imm.v 

k 

/* 

k 

/* 

Authur:  Carole  Etherington 

k 

/* 

Last  Modified:  15Nov2010 

k 

/* 

k 

/* 

Description:  This  file  calls  a 

subroutine  that  returns 

k 

/*  the  corrleation  immunity  of  that  function  for  n=5 .  * 

/kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk 

#include  <map.h> 

#include  <stdlib.h> 


/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 


void  subr  (  int64  t*,  int64  t*,  int); 
int  main ( ) 

{  FILE  * res  map, *res  cpu; 

int  mapnum=0; 
int  n=5; 
int64_t  i; 
int64  t  time  elk; 
int64_t  *ci; 
int  count  [n] ; 

ci  =  (int64_t  *)  malloc  (6*  sizeof (int64_t) ) ; 

for (i=0; i<6; i++) 

{ 

c  i  [  i  ]  =  0 ;  } 


map_allocate  ( 1 ) ; 

subr (ci, &time  clk,mapnum); 

printf("%lld  clocks\n" , time  elk) ; 
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printf("the  number 
%lld\n" , ci  [0] ) ; 

of 

functions 

with 

correlation 

immunity 

zero  is 

printf("the  number 
%lld\n",ci  [1] )  ; 

of 

functions 

with 

correlation 

immunity 

one  is 

printf("the  number 
%lld\n" , ci  [2] ) ; 

of 

functions 

with 

correlation 

immunity 

two  is 

printf("the  number 
%lld\n" , ci  [3] ) ; 

of 

functions 

with 

correlation 

immunity 

three  is 

printf("the  number 
%lld\n" , ci  [4] ) ; 

of 

functions 

with 

correlation 

immunity 

three  is 

printf("the  number 
%lld\n" , ci  [5] )  ; 

of 

functions 

with 

correlation 

immunity 

four  is 

map_f ree ( 1 ) ; 
exit ( 0 ) ; 

} 

2.  subr.mc 


/*******************************************************************/ 
/*  *  / 

/*  subr.mc  -MAP  subroutine  to  find  the  correlation  immunity  of  */ 

/*  all  five  variable  functions.  */ 

/*  */ 

/*  Author:  Carole  Etherington  */ 

/*  *  / 

/*  Last  modified:  November  15,  2010  */ 

/*  */ 

/*  */ 

/*  Description:  This  program  calls  the  macro  my  operator  */ 

/*  that  finds  the  correlation  immunity  of  a  given  function*/ 

/*  and  returns  the  correlation  immunity  of  the  function  */ 

/*  in  a  histogramto  the  program  main.c.  */ 

/*  */ 

/*******************************************************************/ 
#include  <libmap.h> 


void  subr  (  int64  t  ci[],  int64  t  *time,  int  mapnum) 

{ 

0BM_BANK_B (Cl,  int64_t, 6) 

int64_t  t0,tl; 

int64_t  i , j ; 

int  k, sel ; 

int64_t  i0,il; 

int8_t  myout; 

int64_t  size; 

int64_t  a,b; 

int  n=5; 

int64_t  HO [ 5 ] ,  H1[5],H2[5],H3[5]; 
read_timer ( &t0 ) ; 
k=0  ; 

for (i=0; i<65536; i++) 

{ 

for(j=0;j<65536;j++) 

{  i0=i ; 
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il=j  ; 

my_operator (iO, il, Smyout) ; 
sel=k&3 ; 
if ( sel==0 ) 

HO [myout] ++; 
if ( sel==l ) 

HI [myout] ++; 
if (sel==2) 

H2 [myout] ++; 
if ( sel==3 ) 

H3 [myout] ++; 

k++ ; 

}  } 

for (i=0; i<=n; i++) 

Cl [i]=H0 [i] +H1 [i] +H2 [i] +H3  [i] ; 


read_timer ( &tl ) ; 
*time= (tl-tO) ; 


DMA_CPU (OBM2CM, CI , MAP_OBM_stripe ( 1 , "B" ) , ci , 1 , 6*sizeof (int64_t) , 0) 
wait  DMA ( 0 ) ; } 

3.  blk.v 


/****************************************************************** 
/*  * 

/*  blk.v  -a  black-box  file  that  specifies  the  input/output  of  * 
/*  corr_imm.v  * 
/*  * 

/*  Authur:  Carole  Etherington  * 
/*  Last  Modified:  15Nov2010  * 
/*  * 
/****************************************************************** 


/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 


module  corr  imm(TT  ext,TT2  ext 

input  CLK; 

input [63:0]  TT_ext; 

input [63:0]  TT2_ext; 

output  [7:0]  CI_ext; 


CI  ext, CLK); 


endmodule 


4.  info 


/****************************************************************** 
/*  * 

/*  info  -  This  file  provides  information  on  the  latency,  inputs,* 
/*  outputs  for  the  macro,  type  of  macro  and  output  for  * 

/*  debugging  purposes  * 

/*  Authur:  Carole  Etherington  * 

/*  Last  Modified:  15Nov2010  * 

/*  * 

/****************************************************************** 


/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 


BEGIN  DEF  "my  operator" 
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MACRO=  "corr  imm"; 

STATEFUL  =N07 
EXTERNAL  =N0; 

PIPELINED  =YES ; 

LATENCY  =4; 

INPUTS=2 : 

I0=INT  64  BITS  (TT_ext [63 : 0] ) 

I 1=INT  64  BITS  (TT2_ext [63:0]); 

OUTPUTS=l : 

O0=INT  8  BITS (CI_ext [7 : 0] ) ; 

IN_SIGNAL:  1  BITS  "CLK"="CLOCK" ; 

DEBUG_HEADER  =# 

void  my  operator  dbg(int64  t  TT,int64  t  TT2,  int8  t  *CI  Ptr) ; 

#; 

DEBUG_FUNC=# 

void  my  operator  dbg  (int64  t  TT,  int64  t  TT2,int8  t  *CI  Ptr) 
{ *CI_Ptr=2 ; } 

#; 


END  DEF 


5.  corr  imm.v 


module  corr  imm  (Cl  ext,  TT  ext,TT2  ext,  CLK)  ; 
/******************************************************************** 

/*  corr  imm  -Verilog  code  that  accepts  the  truth  table,  TT,  of  an 
/*  n-variable  function  and  produces  the  correlation 

/*  immunity,  C,  of  that  function. 

/*  Created:  October  8,  2010 

/*  Last  Modified:  November  15,  2010 

/*  Author:  C.  Etherington  and  J.  T.  Butler 

/******************************************************************** 


*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 


parameter  n=5;  //  n  =  number  of  variables 

localparam  N  =  2**n; 

localparam  m  =  clogb2 (n) ;  //  m  =  number  of  bits  to  represent  n. 


wire  [N-l : 0] 
input  [63:0] 
input  [63:0] 


TT;  //  The  truth  table  of  the  given  function. 

TT^ext; 

TT2  ext; 


input 

wire  [m-1 : 0] 
output  [7:0] 


CLK; 

Cl;  //  C  can  be  as  large  as  ceil (log_2 (n) .. 

Cl  ext; 


wire  [n:0]  k//k[i]  =  1  iff  function  has  cor.  im.  at  least  i. 

genvar  i ; 


generate 

assign  k[0]=l'bl;  //function  will  always  have  at  least  correlation 
//immunity  zero 
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assign  TT[31:16]  =TT_ext [15 : 0]  ; 
assign  TT[15:0]=  TT2_ext [ 15 : 0 ] ; 


for  (i=l;  i<=n;  i  =  i+1)//  Enumerate  i  the  index  of  k  to 

//determine  highest  correlation. 


begintmult  k 

cor_im_i  # ( . n (n) , . i ( i) )  ul  (k[i],  TT,CLK);  / / k [ i ] — 1 
//iff  TT  has  cor.  im.  at  least  i. 


end 


endgenerate 

pri  enc  u2  (Cl,  CLK,  k)  ; 

assign  CI_ext  =  {  { ( 8-m) { 1 ' bO } } ,  Cl  }; 

//Constant  function  to  find  the  ceiling  of  log  base  two  of  d 
function  integer  clogb2 (input  integer  d) ; 
begin 

for (clogb2=0;  d>0;  clogb2  =  clogb2  +  1) 
d  =  d  »  1; 

end 

endfunction 


endmodule 


module  cor  im  i  (k  i,  TT,CLK); 


/********************************************************************/ 

/* 

corr  imm 

i 

Verilog  code  that  accepts  the  truth  table,  TT,  of 

*/ 

/* 

an  n-variable  function  and  produces  k  i=l  iff  the 

*/ 

/* 

function  has  cor.  im.  at  least  i,  where  i  is  a 

*/ 

/* 

parameter.  That  is,  corr  imm  i  is  a  called  from  a 

*/ 

/* 

generate  for  loop  with  index  i.  corr  imm  i  then 

*/ 

/* 

enumerates  all  combinations  of  i  input  variables 

*/ 

/* 

and  produces  k  i=l  iff  for  all  assignments  of 

*/ 

/* 

values  to  the  i  input  variables  the  function  has 

*/ 

/* 

the  same  number  of  l's  (and  holds  for  all 

*/ 

/* 

combinations) .  This  circuit  consists  of  many 

*/ 

/* 

adders,  which  add  the  number  of  l's  in  portions 

*/ 

/* 

of  the  truth  table  of  the  function.  This  circuit 

*/ 

/* 

performs  the  following  sequential  code  for  some 

*/ 

/* 

combination  of  i  variables  indexed  by  comb 

*/ 

/* 

(0  <=  comb  <  C(n,i)). 

*/ 

/* 

Created : 

October  8,  2010 

*/ 

/* 

Last 

Modified:  November  15,  2010 

*/ 

/*  Author:  C.  Etherington  and  J.  T.  Butler  */ 

/*******************************************************************/ 

parameter  n=5;  //  n  =  the  number  of  variables 

parameter  i  =  2; 
localparam  N  =  2**n; 

localparam  size=comb  nk(n,i);  //finds  the  number  of  possible 

//combinations  for  choosing 

// i  variables  from  the  number  of 

//variables  in  the  function 

input  [N— 1:0]  TT;  //  The  truth  table  of  the  given  function. 
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input  CLK; 

output  k_i;  //  C  can  be  as  large  as  ceil ( log_2 (n) .. 

reg  k_i ; 

reg  [n-l:0]  sum  [64:0] ; 

integer  comb, u, v, cwc; 

always  @ (posedge  CLK) 
begin 
k  i=l; 

for  (comb=0;  comb<size;  comb=comb+l)  //total  number  of  ways  to  pick 
i  varaibles  from  n 
begin 

//  if(k_i==l) 
begin 

cwc=int2cwc (n, i, comb) ; 

for  (u=0;  u<=(2**i-l);  u=u+l)  / /ennumerates  the  number  of 

//subfunctions  of  size  i  with  different  values 
begin  //Scan  the  2**i  subfunctions. 

sum[u]  =  0;  //stores  number  of  ones  initially  set  to  zero 
for(v=0;  v<=2** (n-i) -1;  v=v+l ) //ennumerates  the  possible 

//values  of  n-i  variables 

begin 

sum[u]  =  sum[u]  +  TT [index (n, i, cwc, u, v) ]; //totals  the 
//number  of  ones  for  each  value  of  u. 

//by  finding  the  fuction  value  for  a  set  u 
//and  for  each  value  of  v. 

end 

end 


for  (u=0;  u<2**i-l;  u=u+l) 

begin  //Check  that  all  subfunctions  have  the  same 
if  (sum[u]  !=  sum[u+l])//  number  of  Is.  If  not,  set  k  i=0 . 
k  i  =  0 ; 


end 

end 

end 

end 

//Constant  function 

function  integer  index; //Index  to  TT. 

input  integer  n;  //Number  of  variables. 

input  integer  i;  //Prospective  cor.  im.  (1  <=  i  <=  n) 

input  integer  cwc;  //Index  to  i-combination .  comb [0] =5  comb [1] =4 

/ / comb [2 ] =3  =>  111000 

input  integer  u;  //Index  to  subfunction  0  <=  u  <  2Ai. 

input  integer  v;  //Index  to  minterm  of  subfunction  -  0  <=  v  <  2A(n-i) 


integer  cwc  temp; 

integer  u  idx,  v  idx,  c  idx; 

integer  u  temp,  v  temp; 

integer  temp; 

begin 

u  idx=i-l; 
v  idx=n-i-l; 
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index=0 ; 
u_temp=u; 
v  temp=v; 
cwc_temp=cwc; 

//the  following  loop  finds  the  truth  table  index  given  a  set  u  and  v 
//the  binary  values  of  u  will  be  place  in  the  corresponding  the 
binary  values  of  u  will  be  place 

//in  the  corresponding  binary  one  position  of  the  CWC  and  the 
binary  values  of  v  are  placed  in 

//the  binary  zero  positions  of  the  CWC 
for (c  idx=(n-l);c  idx>=0;c  idx=c  idx-1) 
begin 

if((cwc  temp-2**c  idx) >=0 ) / /does  the  cwc  have  a  one  in  the  c  idx 
begin 

cwc  temp=cwc  temp-2**c  idx; 

if ( (u  temp-2**u  idx)>=0)//if  the  u  binary  value  has  a  one  in 

//the  u  idx  position  then 

begin  //the  index  binary  value  will  have  a 

//one  in  the  cwc_idx  position 

index=index+2**c  idx; 
u  temp=u  temp-2**u  idx; 
end 

u  idx=u  idx-1; //one  less  u  binary  value  to  place  in  index 
/ /value 

end 

else  //if  the  cwc  has  a  zero  in  the  c  idx  position 
begin 

if ( (v  temp-2**v  idx)>=0)//if  the  binary  v  value  has  a  one 

//in  the  v  idx  position 

begin  //then  the  index  value  will  have  a 

//one  in  the  cwc_idx  position 
index=index+2**c  idx; 
v  temp=v  temp-2**v  idx; 
end 

v  idx=v  idx-1;  //one  less  binary  v  value  to  place 
end 

end 

end 

endfunction 

function  integer  int2cwc ( input  integer  n,  input  integer  i,  input 
integer  comb) ; 

//functions  uses  the  index  value  to  assign  exactly  i  ones  to  a  n  bit 
/ / string 

integer  N,k,comb  temp, temp; 
begin 

N=n-1;//  number  of  positions  to  place  a  one  from  n-1  to  zero 
k=i;  //number  of  ones 
comb  temp=comb; 
int2cwc=0 ; 

while ( k>= 1 )  //loop  continues  until  all  ones  have  been  placed  in  the 
/ / string 

begin 

temp=comb  nk (N, k) ; 
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if (comb  temp-temp>=0 )  //if  comb  is  greater  than  N  choose  k 
begin 

int2cwc=int2cwc+2**N; //  then  place  a  one  in  the  N  position 

comb  temp=comb  temp-temp; 

k=k-l ; //decrease  number  of  ones  to  place 

end 

N=N-1 ; //decrease  the  number  of  positions  to  place  a  one. 

end 

end 

endfunction 

function  integer  comb  nk (input  integer  n,  input  integer  k) ; 
integer  k  h, k  l,i; 
begin : f 2 
if (n  <  k) 
comb  nk  =  0; 
else 
begin 
k  h  =  k  ; 
k  1  =  n  -  k  ; 
if  ( k_l  >  k_h) 
begin 

k  h  =  n  -  k  ; 
k_l  =  k; 
end 

comb  nk  =  1; 

for(i  =  n;  i>k  h;  i  =  i — 1 ) 
comb  nk  =  comb  nk*i; 
for(i  =  1;  i<=k  1;  i  =  i+1) 
comb  nk  =  comb  nk/i; 
end 
end 

endfunction 

endmodule 

module  pri  enc  (Cl,  CLK,  k) ; 

/*********************************************************************/ 
/*  pri  enc-Verilog  code  for  a  priority  encoder.  It  examines  elements*/ 


/*  of  vector  k[i],  which  will  be  1  for  1  <=  j  and  0  for  */ 
/*  j+1  <=  n,  in  which  case  the  correlation  immunity.  Cl  is  j*/ 
/*  and  produces  the  correlation  immunity,  C,  of  that  */ 
/*  function.  */ 
/*  Created:  October  8,  2010  */ 
/*  Last  Modified:  November  15,  2010  */ 
/*  Author:  C.  Etherington  and  J.  T.  Butler  */ 


/*********************************************************************/ 
parameter  n=5;  //  n  =  the  number  of  variables 

localparam  m  =  clogb2 (n) ; 

// 

input  CLK; 

input  [n:0]  k;  //  k[i]=l  means  function  has 

cor.  im.  at  least  i. 
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//  Cl  can  be  as  large  as 


output  [m-l:0]  CI; 

ceil ( log_2 (n) . 
reg  [m-l:0]  CI; 

integer  i=l; 

always  @ (posedge  CLK) 
begin 

i  =  0;  //Set  i  =  0  and  check,  for  each  i  from 
while  ( (i<=n)  &&  (k[i]  ==  l'bl))  //  0  to  n,  if  k[i]=l.  When 

//k[i+l]  =  0, 

begin : stage 

i  =  i  + 1  ; 

end 

Cl  =  i-1 ; 

end 


C.  CORRELATION  IMMUNITY  FOR  N=6 

1.  main.c 

/******************************************************************/ 


/* 

*/ 

/*  main 

. c  -a  c  program  designed  to  run  a  SRC6  implentaion 

of 

*/ 

/* 

corr  imm.v 

*/ 

/* 

*/ 

/* 

Authur:  Carole  Etherington 

*/ 

/* 

Last  Modified:  22Nov2010 

*/ 

/* 

*/ 

/* 

Description:  This  file  calls  a  subroutine  that  returns 

*/ 

/* 

the  corrleation  immunity  of  that  function  for 

n=6 . 

*/ 

/******************************************************************/ 

#include  <map.h> 

#include  <stdlib.h> 

void  subr  (  int64_t*,  int64_t*,  int); 
int  main ( ) 

{  FILE  * res  map, *res  cpu; 

int  mapnum=0; 
int  n=6; 
int64_t  i; 
int64  t  time  elk; 
int64__t  *ci; 
int  count [n] ; 

ci  =  (int64  t  *)  malloc  (7*  sizeof  (int64  t) ) ; 

for (i=0; i<7; i++) 

{ 

ci [ i ] =0 ; } 
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map_allocate ( 1 ) ; 

subr (ci, &time_clk, mapnum) ; 


printf("%lld  clocks\n" , time  elk); 


printf("the  number 
%lld\n" , ci  [0] ) ; 

of 

functions 

with 

correlation 

immunity 

zero  is 

printf("the  number 
%lld\n" , ci  [1] ) ; 

of 

functions 

with 

correlation 

immunity 

one  is 

printf("the  number 
%lld\n" , ci  [2] )  ; 

of 

functions 

with 

correlation 

immunity 

two  is 

printf("the  number 
%lld\n" , ci  [3] ) ; 

of 

functions 

with 

correlation 

immunity 

three  is 

printf("the  number 
%lld\n" , ci  [4] ) ; 

of 

functions 

with 

correlation 

immunity 

three  is 

printf("the  number 
%lld\n" , ci  [5] ) ; 

of 

functions 

with 

correlation 

immunity 

three  is 

printf("the  number 
%lld\n" , ci  [6] ) ; 

map  free  ( 1 ) 
exit ( 0 ) ; 

of 

r 

functions 

with 

correlation 

immunity 

four  is 

} 


2.  subr.mc 


/*******************************************************************/ 
/*  */ 

/*  subr.mc  -MAP  subroutine  to  find  the  correlation  immunity  of  */ 

/*  all  five  variable  functions.  */ 

/*  */ 

/*  Author:  Carole  Etherington  */ 

/*  */ 

/*  Last  modified:  November  22,  2010  */ 

/*  */ 

/*  */ 

/*  Description:  This  program  calls  the  macro  my  operator  */ 

/*  that  finds  the  correlation  immunity  of  a  given  function*/ 

/*  and  returns  the  correlation  immunity  of  the  function  */ 

/*  in  a  histogramto  the  program  main.c.  */ 

/*  */ 

/*******************************************************************/ 
#include  <libmap.h> 

void  sre  random  32  (int  enable,  int  seed,  int  reset,  int*  output); 


void  subr  (  int64  t  ci[],  int64  t  *time,  int  mapnum) 

{ 

0BM_BANK_B (CI,  int64_t,7) 

int64_t  t0,tl; 

int64_t  i , j ; 

int  k,sel; 

int64_t  i0,il; 

int8_t  myout; 

int64_t  size; 

int64  t  a,b; 
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int  n=5; 

int64_t  HO [ 5 ] ,  HI  [5]  ,  H2  [5]  ,  H3  [5]  ; 
read_timer ( &tO ) ; 
k=0  ; 

for (i=0; i<65536; i++) 

{ 

for ( j=0; j <6553 6; j++) 

{ i0=src_random_32  (1,  seed,  i==0,  &rndm) ; 

il=src_random_32  (1,  seed,  j==0,  &rndm) ; 
my_operator (iO, il, Smyout) ; 
sel=k&3 ; 
if (sel==0) 

HO [myout] ++; 
if ( sel==l ) 

HI [myout] ++; 
if ( sel==2 ) 

H2 [myout] ++; 
if (sel==3) 

H3 [myout] ++; 

k++ ; 

}  } 


for (i=0; i<=n; i++) 

Cl [ i ] =H0 [ i ] +H1 [i] +H2 [i] +H3 [i] ; 


read_timer ( &tl ) ; 

*time= (tl-tO) ; 

DMA_CPU (OBM2CM, Cl , MAP_OBM_stripe (1, "B") , ci, 1, 7*sizeof (int64_t) , 0) 
wait  DMA ( 0 ) ; 

} 

3.  blk.v 

/******************************************************************/ 

/*  */ 

/*  blk.v  -a  black-box  file  that  specifies  the  input/output  of  */ 
/*  corr_imm.v  */ 

/*  */ 

/*  Authur:  Carole  Etherington  */ 

/*  Last  Modified:  22Nov2010  */ 

/*  */ 

/******************************************************************/ 

module  corr  imm(TT  ext,TT2  ext,CI  ext,CLK); 

input  CLK; 

input [63:0]  TT_ext; 

input [63:0]  TT2_ext; 

output [7:0]  CI_ext; 

endmodule 

4.  info 


/******************************************************************/ 
/*  */ 
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/*  info  -  This  file  provides  information  on  the  latency,  inputs,*/ 
/*  outputs  for  the  macro,  type  of  macro  and  output  for  */ 


/*  debugging  purposes  */ 
/*  Authur:  Carole  Etherington  */ 
/*  Last  Modified:  22Nov2010  */ 
/*  *  / 


/******************************************************************/ 
BEGIN  DEF  "my  operator" 

MACRO=  "corr  imm" ; 

STATEFUL  =N07 
EXTERNAL  =N0; 

PIPELINED  =YES ; 

LATENCY  =4; 


INPUTS=2 : 

I 0=INT  64  BITS  (TT_ext [63 : 0] ) 

I1=INT  64  BITS  (TT2_ext [63:0]); 

OUTPUTS=l : 

O0=INT  8  BITS (CI_ext [7 : 0] ) ; 

IN_SIGNAL:  1  BITS  "CLK"="CLOCK" ; 

DEBUG_HEADER  =# 

void  my  operator  dbg(int64  t  TT,int64  t  TT2,  int8  t  *CI  Ptr)  ; 

#; 


DEBUG_FUNC=# 

void  my  operator  dbg  (int64  t  TT,  int64  t  TT2,int8  t  *CI  Ptr) 
{ *CI_Ptr=2 ; } 

#; 

END  DEF 


corr  imm.v 


modul 
/*  *  *  * 

/*  corr  imm  i 


e  corr  imm  (Cl  ext,  TT  ext,TT2  ext,  CLK) ; 
****************************************************************/ 


/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 


Verilog  code  that  accepts  the  truth  table,  TT,  of 
an  n-variable  function  and  produces  k  i=l  iff  the 
function  has  cor.  im.  at  least  i,  where  i  is  a 
parameter.  That  is,  corr_imm  i  is  a  called  from  , 
generate  for  loop  with  index  i.  corr  imm  i  then 
enumerates  all  combinations  of  i  input  variables 
and  produces  k  i=l  iff  for  all  assignments  of 
values  to  the  i  input  variables  the  function  has 
the  same  number  of  l's  (and  holds  for  all 
combinations) .  This  circuit  consists  of  many 
adders,  which  add  the  number  of  l's  in  portions 
of  the  truth  table  of  the  function.  This  circuit 
performs  the  following  sequential  code  for  some 
combination  of  i  variables  indexed  by  comb 
(0  <=  comb  <  C(n,i)). 

Created:  October  8,  2010 

Last  Modified:  November  22,  2010 

Author:  C.  Etherington  and  J.  T.  Butler 


*/ 
*/ 
*/ 
i  */ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
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/*******************************************************************/ 
parameter  n  =  6;  //  n  =  number  of  variables 

localparam  N  =  2**n; 

localparam  m  =  clogb2 (n) ;  //  m  =  number  of  bits  to  represent 

n . 


wire  [N-l : 0] 
input  [63:0] 
input  [63:0] 


TT;  //  The  truth  table  of  the  given  function. 

TT^ext; 

TT2  ext; 


input 

wire  [m-1 : 0] 
output  [7:0] 


CLK; 

Cl;  //  C  can  be  as  large  as  ceil (log_2 (n) . . 

Cl  ext; 


wire  [n:0]  k;//k[i]  =  1  iff  function  has  cor.  im.  at  least  i. 

genvar  i ; 


generate 

assign  k[0]=l'bl; 
assign  TT[31:0]  =TT_ext [31 : 0] ; 
assign  TT[63:32]=  TT2_ext [ 31 : 0 ] ; 


for  ( i — H ;  i<=n;  i  =  i+1)//  Enumerate  i  the  index  of  k  to  determine 

//highest  correlation. 

begin: mult  k 

cor_im_i  # ( . n (n) , . i ( i ) )  ul  ( k [ i ] ,  TT,CLK);  //k[i]=l 
//iff  TT  has  cor.  im.  at  least  i. 

end 


endgenerate 


pri  enc  u2  (Cl,  CLK,  k)  ; 

assign  CI_ext  =  {  { ( 8-m) { 1 ' bO } } ,  Cl  }; 


//Constant  function  to  find  the  ceiling  of  log  base  two 
function  integer  clogb2 (input  integer  d)  ; 
begin 

for (clogb2=0;  d>0;  clogb2  =  clogb2  +  1) 
d  =  d  »  1; 


end 

endfunction 

endmodule 


of  d 


module  cor  im  i  (k  i,  TT,CLK); 

/'k-k'k-k-k-k'k-k'k-k-k'k-k-k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k-k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k-k-k'k-k'k-k'k/ 

/*  corr  imm  i  Verilog  code  that  accepts  the  truth  table,  TT,  of  */ 

/*  an  n-variable  function  and  produces  k  i=l  iff  the  */ 

/*  function  has  cor.  im.  at  least  i,  where  i  is  a  */ 

/*  parameter.  That  is,  corr  imm  i  is  a  called  from  a  */ 

/*  generate  for  loop  with  index  i.  corr  imm  i  then  */ 

/*  enumerates  all  combinations  of  i  input  variables  */ 

/*  and  produces  k  i=l  iff  for  all  assignments  of  */ 

/*  values  to  the  i  input  variables  the  function  has  */ 
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/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/ 


the  same  number  of  l's  (and  holds  for  all 
combinations) .  This  circuit  consists  of  many 
adders,  which  add  the  number  of  l's  in  portions 
of  the  truth  table  of  the  function.  This  circuit 
performs  the  following  sequential  code  for  some 
combination  of  i  variables  indexed  by  comb 
(0  <=  comb  <  C(n,i)). 

Created:  October  8,  2010 

Last  Modified:  November  22,  2010 

Author:  C.  Etherington  and  J.  T.  Butler 


*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 


•k'k-k'k-k'k-k'k-k'k-k'k-k-k'k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k-k'k'k-k'k'k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k'k 


/ 


//  n  =  the  number  of  variables 


parameter  n  =  6; 
parameter  i  =  2; 
localparam  N  =  2**n; 

localparam  size=comb  nk(n,i);  //finds  the  number  of  possible 

//combinations  for  choosing 

// i  variables  from  the  number  of  variables  in  the  function 
input  [N— 1:0]  TT;  //  The  truth  table  of  the  given  function, 

input  CLK; 

output  k_i;  // 

reg  k_i ; 

reg  [n-l:0]  sum  [64:0] ; 

integer  comb, u, v, cwc; 


C  can  be  as  large  as  ceil (log  2 (n) . . 


always  @ (posedge  CLK) 


begin 
k  i=l; 

for  (comb=0;  combksize;  comb=comb+l)  //total  number  of  ways  to  pick 

/ / i  varaibles  from  n 

begin 

//  if (k_i==l) 
begin 

cwc=int2cwc (n, i, comb) ; 

for  (u=0;  u<=(2**i-l);  u=u+l)  //ennumerates  the  number  of 

//subfunctions  of  size  i  with  different  values 
begin  //Scan  the  2**i  subfunctions. 

sum[u]  =  0;  //stores  number  of  ones  initially  set  to  zero 
for(v=0;  v<=2** (n-i) -1;  v=v+l )/ /ennumerates  the  possible 

//values  of  n-i  variables 


begin 

sum[u]  =  sum[u]  +  TT [index (n, i, cwc, u, v) ]; //totals  the 
//number  of  ones  for  each  value  of  u  by  finding  the 
//fuction  value  for  a  set  u  and  for  each  value  of  v 


end 

end 


for  (u=0;  u<2**i-l;  u=u+l) 

begin  //Check  that  all  subfunctions  have  the  same 

if  (sum[u]  !=  sum[u+l] ) //  number  of  Is.  If  not,  set 

/ /k_i=0 . 

k_i  =  0 ; 

end 

end 


end 
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end 

//Constant  function 

function  integer  index; //Index  to  TT. 

input  integer  n;  //Number  of  variables. 

input  integer  i;  //Prospective  cor.  im.  (1  <=  i  <=  n) 

input  integer  cwc;  //Index  to  i-combination . 

input  integer  u;  //Index  to  subfunction  -  0  <=  u  <  2Ai. 

input  integer  v;  //Index  to  rainterm  of  subfunction  -  0  <=  v  <  2A(n-i)  . 

integer  cwc  temp; 

integer  u  idx,  v  idx,  c  idx; 

integer  u  temp,  v  temp; 

integer  temp; 

begin 


u  idx=i-l; 
v  idx=n-i-l; 
index=0 ; 
u_temp=u; 
v  temp=v; 
cwc_temp=cwc ; 


//the  following  loop  finds  the  truth  table  index  given  a  set  u  and  v 
//the  binary  values  of  u  will  be  place  in  the  corresponding  the 
//binary  values  of  u  will  be  place  in  the  corresponding  binary  one 
//position  of  the  CWC  and  the  binary  values  of  v  are  placed  in 
//the  binary  zero  positions  of  the  CWC 
for (c  idx=(n-l);c  idx>=0;c  idx=c  idx-1) 
begin 

if ((cwc  temp-2**c  idx)>=0)  //does  the  cwc  have  a  one  in  the 

//c_idx  position 

begin 

cwc  temp=cwc  temp-2**c  idx; 

if ( (u  temp-2**u  idx)>=0)//if  the  u  binary  value  has  a  one  in 

//the  u  idx  position  then 

begin  //the  index  binary  value  will  have  a 

//one  in  the  cwc  idx  position 

index=index+2**c  idx; 
u  temp=u  temp-2**u  idx; 
end 


u  idx=u  idx-1; //one  less  u  binary  value  to  place  in  index 
end 

else  //if  the  cwc  has  a  zero  in  the  c  idx  position 
begin 

if ( (v  temp-2**v  idx)>=0)//if  the  binary  v  value  has  a  one 

//in  the  v  idx  position 

begin  //then  the  index  value  will  have  a  one  in 

//the  cwc  idx  position 
index=index+2**c  idx; 
v  temp=v  temp-2**v  idx; 
end 


v  idx=v  idx-1;  //one  less  binary  v  value  to  place 
end 


end 


end 

endfunction 


63 


function  integer  int2cwc ( input  integer  n,  input  integer  i,  input 
integer  comb) ; 

//functions  uses  the  index  value  to  assign  exactly  i  ones  to  a  n  bit 
string 

integer  N,k,comb  temp, temp; 
begin 

N=n-1;//  number  of  positions  to  place  a  one  from  n-1  to  zero 
k=i;  //number  of  ones 
comb  temp=comb; 
int2cwc=0 ; 

while (k>=l)  //loop  continues  until  all  ones  have  been  placed  in 

//the  string 

begin 

temp=comb  nk (N, k) ; 

if (comb  temp-temp>=0 )  //if  comb  is  greater  than  N  choose  k 
begin 

int2cwc=int2cwc+2**N; //  then  place  a  one  in  the  N  position 

comb  temp=comb  temp-temp; 

k=k-l ; //decrease  number  of  ones  to  place 

end 

N=N-1 ; //decrease  the  number  of  positions  to  place  a  one. 

end 

end 

endfunction 

function  integer  comb  nk (input  integer  n,  input  integer  k) ; 
integer  k  h, k  l,i; 
begin : f 2 
if (n  <  k) 
comb  nk  =  0; 
else 
begin 
k  h  =  k  ; 
k_l  =  n  -  k; 
if  (k_l  >  k_h) 
begin 

k  h  =  n  -  k  ; 
k_l  =  k; 
end 

comb  nk  =  1; 

for(i  =  n;  i>k  h;  i  =  i-1) 
comb  nk  =  comb  nk*i; 
for(i  =  1;  i<=k  1;  i  =  i+1) 
comb  nk  =  comb  nk/i; 
end 
end 

endfunction 

endmodule 

module  pri  enc  (Cl,  CLK,  k)  ; 

/*********************************************************************/ 
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/* 

/* 

/* 

/* 

/* 

/* 


pri_enc-Verilog  code  for  a  priority  encoder.  It  examines  elements*/ 
of  vector  k[i],  which  will  be  1  for  1  <=  j  and  0  for  */ 

j+1  <=  n,  in  which  case  the  correlation  immunity.  Cl  is  j*/ 
and  produces  the  correlation  immunity,  C,  of  that 
function . 

*  Created:  October  8,  2010 

/*  Last  Modified:  November  22,  2010 
/*  Author:  C.  Etherington  and  J.  T.  Butler 


*/ 

*/ 

*/ 

*/ 

*/ 


/ 


•k'k'k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k'k 


/ 


parameter  n  = 

6; 

localparam  m  = 

clogb2 (n) 

r 

input 

CLK; 

input  [n:0] 

k;// 

k[i]=l  means 

output  [m-l:0] 

Cl; 

//  Cl  can 

reg  [m-l:0] 

Cl; 

integer 

i=l ; 

//  n  =  the  number  of  variables 


function  has  cor.  im.  at  least  i. 
be  as  large  as  ceil ( log_2 (n) . 


always  @  (posedge  CLK) 
begin 

i  =  0;  //Set  i  =  0  and  check,  for  each  i  from 

while  ((i<=n)  &&  ( k [ i ]  ==  l'bl)) 

begin: stage  //  set  Cl  to  i. 
i  =  i  + 1  ; 

end 

Cl  =  i-1 

end 


//Constant  function 
function  integer  clogb2 (input 
begin 

for (clogb2=0; 

d  =  d 


end 

endfunction 

endmodule 


integer  d) ; 

d>0;  clogb2 

»  1; 


clogb2  +  1) 


D.  CORRELATION  IMMUNITY  FOR  BALANCED  FUNCTIONS,  N=5 


1.  main.c 


/*******************************************************************/ 

/*  *  / 

/*  main.c  -a  c  program  designed  to  run  a  SRC6  implentaion  of  */ 

/*  corr_imm.v  */ 

/*  */ 

/*  Authur:  Carole  Etherington  */ 

/*  Last  Modified:  04Nov2010  */ 

/*  */ 

/*  Description:  This  file  creates  every  possible  16  bit  */ 

/*  binary  number  with  eight  ones  and  eight  zeros  and  */ 

/*  then  calls  a  subroutine  that  returns  the  corrleation* / 

/*  immunity  of  that  function.  */ 
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/******************************************************************/ 
#include  <map.h> 

#include  <stdlib.h> 


void  subr  (int64  t*,  int64  t*,  int64  t*,  int); 
int  main ( ) 

{  FILE  * res  map, *res  cpu; 

int  mapnum=0; 
int  n=4; 
int  k=8; 

int  comb, numer, denom, temp, i , N, comb  temp, a; 

int64  t  time  elk; 

int64  t  *x,  *ci; 

int  pow2 [16] ; 

pow2 [  0 ] =1 ; 

pow2 [ 1 ] =2 ; 

pow2 [2] =4 ; 

pow2 [ 3 ] =8 ; 

pow2 [4] =  16; 

pow2 [ 5 ] =32 ; 

pow2 [ 6] =64 ; 

pow2 [7] =128; 

pow2 [8] =256; 

pow2 [9] =512; 

pow2 [10] =1024 ; 

pow2 [11] =2048; 

pow2 [12] =4096; 

pow2 [13] =8192; 

pow2 [14] =16384; 

pow2 [15] =32768; 

x  =  (int64  t  *)  malloc  (12870*  sizeof(int64  t) ) ; 
ci  =  (int64_t  *)  malloc  (6*  sizeof (int64_t) ) ; 

for (i=0; i<6; i++) 
ci [i] =0; 

/ /Uses  a  index  to  constan  weight  convertor  to  place 
//eight  ones  in  a  sixteen  bit  number 
for (i=0; i< 12870 ;i++) 

{ 

comb  temp=i; 

N=16-l;//the  total  number  of  bits  minus  one.  This  number 
//is  increment  each  time  to  place  either  a  one  or 
//zero  in  the  15th  to  0  bit  position 
x [ i ] =0 ; 

k=8; //number  of  ones  the  final  number  will  have 

while ( (N>=0) && (k>0) )  //loop  continues  until  all  ones  have 

been  postioned 

{  if  (N<k) 
temp=0 ; 
else 

{ numer=l ; 
denom=l ; 
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for (a=N; a>k; a--) 

numer=numer*a; 
f or (a= (N-k) ; a>l ; a--) 

denom=denom*  a ; 
temp=numer/ denom; 

}  //else 

if ( (comb_temp-temp) >=0) 

{ x [ i ] =x [ i ] +pow2 [N] ; 
comb  temp=comb  temp-temp; 

k=k-l;//put  one  in  N  bit  position  and  decrease 
number  of  ones 

}  //if 

N=N-1 ; //decrease  bit  position  to  be  filled 
} / /while 


map_allocate  (1); 

subr (x, ci , &time  clk,mapnum); 

printf("%lld  clocks\n" , time  elk); 


printf ( 
%lld\n" , 

"the 
ci  [0] 

number 

)  ; 

of 

functions 

with 

correlation 

immunity 

zero 

is 

printf ( 
%lld\n" , 

"the 
ci  [1] 

number 

)  ; 

of 

functions 

with 

correlation 

immunity 

one 

is 

printf ( 
%lld\n" , 

"the 
ci  [2  ] 

number 

)  ; 

of 

functions 

with 

correlation 

immunity 

two 

is 

printf ( 
%lld\n" , 

"the 
ci  [3] 

number 

)  ; 

of 

functions 

with 

correlation 

immunity 

three 

i, 

printf ( 
%lld\n" , 

"the 
ci  [4  ] 

number 

)  ; 

of 

functions 

with 

correlation 

immunity 

four 

is 

printf ( 
%lld\n" , 

"the 
ci  [5] 

number 

) ; 

of 

functions 

with 

correlation 

immunity 

five 

is 

map_f ree ( 1 ) ; 
exit ( 0 ) ; 

} 


2.  subr.mc 


/*******************************************************************/ 

/*  */ 

/*  subr.mc  -MAP  subroutine  to  find  the  correlation  immunity  of  */ 
/*  all  32  bit  balanced  functions  that  have  exactly  eight*/ 

/*  ones  in  the  first  16  bits  and  exactly  eight  ones  in  */ 

/*  the  last  sixteen  bits.  */ 

/*  */ 

/*  Author:  Carole  Etherington  */ 

/*  Last  modified:  November  4,  2010  */ 

/*  Description:  This  program  calls  the  macro  my  operator  */ 

/*  that  finds  the  correlation  immunity  of  a  given  function*/ 

/*  and  returns  a  histogram  of  correlation  immunity  to  the  */ 

/*  program  main.c.  */ 
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/*******************************************************************/ 


#include  <libmap.h> 

void  subr  (int64  t  x[],  int64  t  ci[],  int64  t  *time,  int  mapnum) 

{ 

OBM_BANK_A(X,  int64_t,  12870) 

0BM_BANK_B (Cl,  int64_t, 6) 

int64_t  t0,tl; 

int  i , j , sel; 

int64_t  i0,il; 

int8_t  myout; 

int  k=0; 

int64_t  HO [6] , HI [6] ,H2 [6] ,H3 [6] ; 

DMA_CPU (CM20BM,  X, 

MAP  OBM  stripe (1, "A") , x, 1, 12870*sizeof (int64  t),0); 
wait  DMA (0); 

read_timer ( &t0 )  ; 
for (i=0; i<6; i++) 

{HO [ i ] =0 ; 

HI [ i ] =0 ; 

H2  [ i ] =  0 ; 

H3 [ i ] =0 ; 

} 

//the  nested  loop  is  sent  to  the  macro  to  be  combined  to  create 
//a  64  bit  number.  Each  X  is  a  16  bit  number  that  contains  eight 
ones . 

for(j=0;j<12870;j++) 
for (i=0; i<12870; i++) 

{ i0=X [i] ; 
il=X[ j ] ; 

my_operator (iO, il,  &myout) ; 

//The  output  alternates  between  four  arrays  to  prevent  slow  down 

due  to 

//read  and  writes 

sel=k&3 ; 
if ( sel==0 ) 

HO [myout] ++; 
if ( sel==l ) 

HI [myout] ++; 
if ( sel==2 ) 

H2 [myout] ++; 
if ( sel==3 ) 

H3 [myout] ++; 

k++ ; 

} 

//all  four  values  are  combined  to  form  the  final  output 
for (i=0; i<6; i++) 

Cl [i]=H0 [i] +H1 [i] +H2 [i] +H3  [i] ; 

read_timer ( &tl ) ; 

*time= (tl-tO) ; 

DMA_CPU (OBM2CM, Cl , MAP_OBM_stripe ( 1 , "B" ) , ci , 1 , 6*sizeof (int64_t) , 0) ; 
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wait  DMA ( 0 ) ; 

} 


E.  CORRELATION  IMMUNITY  FOR  ROTATION  SYMMETRIC 
FUNCTIONS,  N=4 

1.  main.c 


*  *  *  *  / 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*  *  *  / 


void  subr  (int64  t*,  int64  t*,  int64  t*,  int) ; 

int  main ( ) 

{  FILE  * res  map, *res  cpu; 

int  mapnum=0; 
int  n=6; 
int  i , k, a, y; 

int  numer,  denom,  j,size,  comb,  comb  temp, N, cwc, temp; 

int64  t  time  elk; 

int64  t  *x,  *ci; 

int  count  [  5 ] ; 

int  pow2 [16] ; 

int  set [n] ; 

pow2 [  0 ] =1 ; 

pow2 [ 1 ] =2 ; 

pow2 [2 ] =4 ; 

pow2 [ 3 ] =8 ; 

pow2 [4] =16; 

pow2 [ 5 ] =32 ; 

pow2 [ 6] =64 ; 

pow2 [7] =128; 

pow2 [8] =256; 

pow2 [9] =512; 

pow2 [10] =1024 ; 

pow2 [11] =2048; 

pow2 [ 12 ] =4096; 


/*************************************************************** 

/* 

/*  main.c  -a  c  program  designed  to  run  a  SRC6  implentaion  of 
/*  corr_imm.v 

/* 

/*  Authur:  Carole  Etherington 

/*  Last  Modified:  04Nov2010 

/* 

/*  Description:  This  file  creates  every  possible  16  bit 

/*  rotaionally  symmetric  number  and  then  calls  a 

/*  subroutine  that  returns  the  corrleation 

/*  immunity  of  that  function. 

/*************************************************************** 

#include  <map.h> 

#include  <stdlib.h> 
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pow2 [13] =8192; 
pow2 [14] =16384; 
pow2 [15] =32768; 


j=0; 

//The  sets  of  rotionally  symmetric  numbers 
//If  one  of  the  function  values  in  one  of  the 
//sets  is  zero  then  all  the  values  must  be  zero 
//  and  if  one  function  value  is  a  one  then  all 
/ /  function  values  in  the  set  must  be  one 
set [ 0 ] =pow2 [  0  ]  ; 

set [ 1 ] =pow2 [ 1 ] +pow2 [ 8 ] +pow2 [ 4 ] +pow2  [  2 ] ; 
set  [2]  =pow2  [3]  +pow2  [9]  +pow2  [12]  +pow2  [6]  ; 
set [ 3 ] =pow2 [ 5 ] +pow2 [10] ; 

set [ 4 ] =pow2 [ 7 ] +pow2 [11] +pow2 [13] +pow2 [14] ; 
set [ 5 ] =pow2 [15] ; 


x  =  (int64  t  *)  malloc  (64*  sizeof(int64  t) ) ; 

ci  =  (int64  t  *)  malloc  (64*  sizeof (int64  t) ) ; 

//This  loop  creates  all  the  possible  combinations  of  the  sets 
//given  above.  It  starts  with  choosing  zero  sets  and  producing  the 
//zero  function  and  then  selects  one  set  and  then  two  sets  and  produces 
//all  possible  combinations  by  using  a  index  to  constant  weight 
//convertor  to  place  the  chosen  sets  to  place  a  bianry  one  value  in  the 
//positions  of  the  chosen  sets.  This  continues  until  the  final  function 
//choses  all  the  sets  to  have  a  binary  one  value, 
for (i=0; i<=6; i++) 

{ numer=l ; 
denom=l ; 

for (a=n; a>l ; a — ) 
numer=numer*a; 
f or (a= (n-i ) ; a>l ; a — ) 
denom=denom*  a ; 
size=numer/ denom; 
for (comb=0; comb<size; comb++) 

[N=n-1; 

k=i; 

comb  temp=comb; 
cwc=0 ; 

while ( (N>=0) && (k>0) ) 

{  if  (N<k) 
temp=0 ; 
else 

{ numer=l  ; 
denom=l ; 

for (a=N; a>k; a--) 

numer=numer*a; 
f or (a= (N-k) ; a>l ; a — ) 
denom=denom*  a ; 
temp=numer/ denom; 

} 
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if ( (comb_temp-temp) >=0) 

{ cwc=cwc+pow2 [N] ; 

comb  temp=comb  temp-temp; 

k=k-l; 

} 

N=N-1; 

} 

x [ j ]=0; 

for  (y=  (n-1)  ;y>=0;y— ) 

{ if ( (cwc-pow2 [y] ) >=0) 

{ x [ j ] —x [ j ] +set [y] ; 
cwc=cwc-pow2 [y] ; 

}  } 


ci [ j ] =0; 
j=j+i; 

} } 

map_allocate (1) ; 

subr (x, ci , &time  clk,mapnum); 

printf("%lld  clocks\n" , time  elk); 


for (i=0; i<=4; i++) 
{ count [ i ] =0 ; } 


for(i=0;i<64;i++) 

{ switch  (ci  [i] ) 


{case  0: 
break; 

count 

[  0 ] =count 

[  0 ] +1 ; 

case  1 : 
break; 

count 

[ 1 ] =count 

[i] +i; 

case  2 : 
break; 

count 

[2] =count 

[2] +1; 

case  3 : 
break; 

count 

[ 3 ] =count 

[3] +1; 

case  4 : 
break; 

count 

[  4 ] =count 

[4] +1; 

}  } 


printf("the  number  of 
zero  is  %lld\n" , count [i] ) ; 

printf("the  number  of 
one  is  %lld\n" , count [i] ) ; 

printf("the  number  of 
two  is  %lld\n" , count [i] ) ; 

printf("the  number  of 
three  is  %lld\n" , count [ i ]) ; 

printf("the  number  of 
four  is  %lld\n"  ,  count [i]); 


functions 

functions 

functions 

functions 

functions 


with  correlation 
with  correlation 
with  correlation 
with  correlation 
with  correlation 


immunity 

immunity 

immunity 

immunity 

immunity 


map_f ree ( 1 )  ; 
exit ( 0 ) ; 
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} 


2.  subr.mc 

/*******************************************************************/ 

/*  */ 

/*  subr.mc  -MAP  subroutine  to  find  the  correlation  immunity  of  */ 

/*  all  four  variable  functions.  */ 

/*  */ 

/*  Author:  Carole  Etherington  */ 

/*  */ 

/*  Last  modified:  November  4,  2010  */ 

/*  */ 

/*  */ 

/*  Description:  This  program  calls  the  macro  my_operator  */ 

/*  that  finds  the  correlation  immunity  of  a  given  function*/ 

/*  and  returns  the  correlation  immunity  of  the  function  */ 

/*  to  the  program  main.c.  */ 

/*  */ 

/*******************************************************************/ 


#include  <libmap.h> 

void  subr  (int64  t  x[],  int64  t  ci[],  int64  t  *time,  int  mapnum) 

{ 

OBM_BANK_A(X,  int64_t,  64) 

0BM_BANK_B (Cl,  int64_t,64) 
int64_t  t0,tl; 
int  i; 

int64  t  myin; 
int8_t  myout; 

DMA_CPU (CM20BM,  X, 

MAP  OBM  stripe ( 1 , "A" ) , x, 1 , 64* sizeof ( int64  t),0); 

_ wait_DMA ( 0 ) ; 

read_timer ( &t0 ) ; 

f or ( i=0 ; i<64 ; i++) 

{myin=X [ i ] ; 

my_operator (myin,  Smyout) ; 

Cl [i] =myout; 

} 

read__timer  ( &tl )  ; 

*time= (tl-tO) ; 

DMA_CPU (OBM2CM, Cl , MAP_OBM_stripe (1, "B") ,ci,  1, 64*sizeof (int64_t)  ,  0) 
wait  DMA ( 0 ) ; 

} 
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F. 


CORRELATION  IMMUNITY  FOR  ROTATION  SYMMETRIC 
FUNCTIONS,  N=5 


1 


main.c 


*  *  / 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 


/*  main.c 


-a  c  program  designed  to  run  a  SRC6  implentaion  of 
corr  imm.v 


/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 


Authur:  Carole  Etherington 
Last  Modified:  04Nov2010 


Description:  This  file  creates  every  possible  32  bit 
rotaionally  symmetric  number  and  then  calls  a 
subroutine  that  returns  the  corrleation 
immunity  of  that  function. 


#include  <map.h> 

#include  <stdlib.h> 

void  subr  (int64  t*,  int64  t*,  int64  t*,  int); 
int  main ( ) 


FILE  *res  map, *res  cpu; 


int  mapnum=0; 
int  n=8; 
int  i ,  k,  a,  y; 

int  numer,  denom,  j,size,  comb,  comb  temp, N, cwc, temp; 

int64  t  time  elk; 

int64  t  *x,  *ci; 

int  count  [  6] ; 

int  pow2 [16] ; 

int  setl [n] ; 

int  set2 [n] ; 

pow2 [ 0 ] =1 ; 

pow2 [ 1] =2 ; 

pow2 [2] =4 ; 

pow2 [ 3 ] =8 ; 

pow2 [4] =16; 

pow2 [ 5 ] =32 ; 

pow2 [ 6] =64 ; 

pow2 [7] =128; 

pow2 [8] =256; 

pow2 [ 9] =512 ; 

pow2 [10]=1024; 

pow2 [11] =2048; 

pow2 [ 12 ] =4096; 

pow2 [13] =8192; 

pow2 [14] =16384; 

pow2 [15] =32768; 
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j=0; 


x 


setl [ 0 ] =pow2 [ 0 ] ; 
set2 [ 0 ] =0 ; 

setl  [1]  =pow2  [1]  +pow2  [8]  +pow2  [4]  +pow2  [2]  ; 
set2 [ 1 ] =pow2 [ 0 ] ; 

setl [2] =pow2 [3] +pow2 [12] +pow2 [6] ; 

set2 [ 2 ] =pow2 [ 8 ] +pow2  [  1 ] ; 

setl [3] =pow2 [5] +pow2 [10] +pow2 [9] ; 

set2 [ 3 ] =pow2 [ 4 ] +pow2  [  2 ] ; 

setl [4] =pow2 [7] +pow2 [14] ; 

set2 [4] =pow2 [12] +pow2 [9] +pow2 [3] ; 

setl [5] =pow2 [11] +pow2 [13] ; 

set2 [ 5 ] =pow2 [10] +pow2 [ 5 ] +pow2 [ 6 ] ; 

setl [6] =pow2 [15] ; 

set2 [ 6 ] =pow2 [14] +pow2 [13] +pow2 [11] +pow2 [ 7 ] ; 

setl [7 ] =0 ; 

set2 [ 7 ] =pow2 [ 15 ] ; 

=  (int64  t  *)  malloc  (512*  sizeof(int64  t)  )  ; 


ci  =  (int64  t  *)  malloc  (256*  sizeof  (int64  t)  )  ; 


for (i=0; i<=8; i++) 

{ numer=l ; 
denom=l ; 

for (a=n; a>i; a--) 
numer=numer*a; 
f or (a= (n-i ) ; a>l ; a--) 
denom=denom*  a ; 
size=numer/ denom; 
for (comb=0; comb<size; comb++) 

{N=n-1 ; 
k=i; 

comb  temp=comb; 
cwc=0 ; 

while ( (N>=0) && (k>0) ) 

[if  (N<k) 
temp=0 ; 
else 

{ numer=l ; 
denom=l ; 

for (a=N; a>k; a--) 

numer=numer*a; 
f or (a= (N-k) ; a>l ; a — ) 
denom=denom*  a ; 
temp=numer/ denom; 

} 

if ( (comb_temp-temp) >=0) 

{ cwc=cwc+pow2 [N] ; 

comb  temp=comb  temp-temp 

k=k-l; 

} 

N=N-1 ; 

} 

x [ j ] =0; 
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x  [  j+256] =0; 

for (y= (n-1) ; y>=0;  y--) 

{ if ( (cwc-pow2 [y] ) >=0) 

{ x [ j ] —x [ j ] +setl [y] ; 
x[j+256]=x[j+256]+set2 [y] ; 
cwc=cwc-pow2 [y] ; 

}  } 

ci [ j ] =0; 

j=j+i; 

}  } 

map_allocate  ( 1 ) ; 

subr (x, ci , &time  elk, mapnum) ; 

printf("%lld  clocks\n" , time  elk); 


for (i=0; i<=5; i++) 

{ count [ i ] =0 ; } 
for (i=0; i<256; i++) 

{ switch (ci  [i] ) 


{case  0: 
break; 

count 

[ 0 ] =count 

[  0 ] +1 ; 

case  1 : 
break; 

count 

[ 1 ] =count 

[  1 ] +1 ; 

case  2 : 
break; 

count 

[2 ] =count 

[2] +1; 

case  3 : 
break; 

count 

[ 3 ] =count 

[3] +1; 

case  4 : 
break; 

count 

[ 4 ] =count 

[  4  ]  + 1 ; 

case  5: 
break; 

count 

[ 5 ] =count 

[5] +1; 

}  } 

for (i=0; i<=5; i++) 

{printf("the  number  of  functions  with  corrleation 
immunity  one  is  %lld\n" , count [ i ]); } 

map_f ree ( 1 ) ; 
exit ( 0 ) ; 


2. 

subr.mc 

/*******************************************************************/ 

/* 

*/ 

/* 

subr .me 

-MAP  subroutine  to  find  the  correlation  immunity  of 

*/ 

/* 

all  four  variable  functions. 

*/ 

/* 

*/ 

/* 

Author:  Carole  Etherington 

*/ 

/* 

*/ 

/* 

Last  modified:  November  4,  2010 

*/ 

/* 

*/ 

/* 

*/ 

/* 

Description:  This  program  calls  the  macro  my  operator 

*/ 
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/* 

/* 

/* 

/* 


that  finds  the  correlation  immunity  of  a  given  function*/ 
and  returns  the  correlation  immunity  of  the  function  */ 


to  the  program  main.c. 


*/ 

*/ 

*/ 


/*******************************************************************/ 


#include  <libmap.h> 

void  subr  (int64  t  x[],  int64  t  ci[],  int64  t  *time,  int  mapnum) 

{ 


OBM_BANK_A(X,  int64_t,  512) 
OBM_BANK_B (Cl,  int64_t,256) 
int64_t  tO,tl; 
int  i; 

int64_t  iO, il; 
int8_t  myout; 


DMA_CPU (CM20BM,  X, 

MAP  OBM  stripe ( 1 , "A" ), x, 1 , 512 *sizeof ( int64  t),0); 
_ wait  DMA ( 0 ) ; 


read  timer (&t0); 


for(i=0;i<256;i++) 


{ iO=X [ i ] ; 
il=X [i+256] ; 

my_operator (iO, il,  &myout) ; 
Cl [i] =myout; 

} 


read_timer ( &tl ) ; 
*time= (tl-tO) ; 


DMA_CPU (0BM2CM, Cl , MAP_OBM_stripe (1, "B")  ,  ci,  1, 2  56*sizeof (int64_t)  ,  0)  ; 
wait  DMA ( 0 ) ; 


G.  CORRELATION  IMMUNITY  AND  NONLINEARITY  LOR  EUNCTIONS 
OE  N=4 


1 


main.c 


**  / 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 
**  / 


/* 


/*  main.c 


-a  c  program  designed  to  run  a  SRC6  implentaion  of 
corr  imm.v 


/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 


Authur:  Carole  Etherington 
Last  Modified:  19Nov2010 


Description:  This  file  calls  a  subroutine  that  returns 
the  corrleation  immunity  and  the  nonlinearity  of 
of  all  functions  for  n=4 . 
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#include  <stdlib.h> 


void  subr  (int64  t*,int64  t*,  int64  t*,  int64  t*,  int); 
int  main ( ) 

{  FILE  * res  map, *res  cpu; 

int  mapnum=0; 
int  n=4; 
int64_t  i ,  j  ; 
int64  t  time  elk; 
int64_t  *x,  *ci,*out; 

int  nonlin[n+l]  [7]; 
int64_t  size=65536; 

x  =  (int64  t  *)  malloc  (size*  sizeof(int64  t) ) ; 
out  =(int64  t  *)  malloc  (  size*  sizeof  (int64  t) ) 
ci  =  (int64  t  *)  malloc  (size*  sizeof (int64  t) ) ; 

for (i=0; i<size; i++) 

{x [i] =i; 
ci [i] =0; 
out [ i ] =0 ; } 

map_allocate  ( 1 ) ; 

subr (x, ci, out, &time  clk,mapnum) ; 

printf("%lld  clocks\n" , time  elk); 
for (i=0; i<=n; i++) 

{ for ( j=0; j<=6; j++) 
nonlin [ i ]  [  j ] =0 ; } 
for (i=0; i<size; i++) 


{ for ( j= 

0; j<=n; j++) 

i 

{  if (ci [i] ==j ) 

{  switch (out [i] ) 
{ 

case  0:  nonlin [ 

j] 

[ 0 ] =nonlin 

[j] 

[0]  +1 

break; 
case  1 : 

nonlin [ 

j] 

[ 1 ] =nonlin 

[j] 

[1]+1 

break; 
case  2 : 

nonlin [ 

j] 

[2 ] =nonlin 

[j] 

[2  ]  +1 

break; 
case  3 : 

nonlin [ 

j] 

[ 3 ] =nonlin 

[j] 

[3]  +1 

break; 
case  4 : 

nonlin [ 

j] 

[ 4 ] =nonlin 

[j] 

[4]  +1 

break; 
case  5 : 

nonlin [ 

j] 

[ 5 ] =nonlin 

[j] 

[5]  +1 

break; 
case  6: 

nonlin [ 

j] 

[ 6] =nonlin 

[j] 

[6]  +1 

break; 

default 

break; 

: 

} 

}  }  } 
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immunity 

immunity 

immunity 

immunity 

immunity 


for ( j=0; j<=6; j++) 

{printf("the  number  of  functions  with  corrleation 
zero  is  %lld\n" , nonlin [0] [ j ] ) ; 


printf ( " 

the  number 

of 

functions 

with 

corrleation 

one 

is  %lld\n" 

, nonlin [ 1 ] [ 

j] 

)  ; 

printf ( " 

the  number 

of 

functions 

with 

corrleation 

two 

is  %lld\n" 

, nonlin [2 ] [ 

j] 

)  ; 

printf ( " 

the  number 

of 

functions 

with 

corrleation 

three 

is  %lld\ 

n" , nonlin [ 3 ]  [ 

j]); 

printf ( " 

the  number 

of 

functions 

with 

corrleation 

four 

is  %lld\n 

" , nonlin [ 4 ] 

[j] ) ; } 

map_f ree ( 1 ) ; 
exit ( 0 ) ; 


} 


2.  subr.mc 


/*******************************************************************/ 
/*  *  / 

/*  subr.mc  -MAP  subroutine  to  find  the  correlation  immunity  of  */ 

/*  all  five  variable  functions.  */ 

/*  */ 

/*  Author:  Carole  Etherington  */ 

/*  *  / 

/*  Last  modified:  November  15,  2010  */ 

/*  */ 

/*  */ 

/*  Description:  This  program  calls  the  macro  my  operator  */ 

/*  that  finds  the  correlation  immunity  of  a  given  function*/ 

/*  and  returns  the  correlation  immunity  of  the  function  */ 

/*  in  a  histogramto  the  program  main.c.  */ 

/*  */ 

/*******************************************************************/ 
#include  <libmap.h> 


void  subr  (int64  t  x[],  int64  t  ci[],int64  t  out [ ] ,  int64  t  *time,  int 
mapnum) 

{ 

OBM_BANK_A(X,  int64_t,  65536) 

0BM_BANK_B (Cl,  int64_t, 65536) 

0BM_BANK_C (OUT, int64_t,  65536) 
int64_t  t0,tl; 
int  i; 

int64  t  myin; 
int8_t  myout; 
int8_t  myciout; 

DMA_CPU (CM20BM,  X, 

MAP_OBM_stripe (1, "A") , x, 1, 65536*sizeof (int64_t) , 0) ; 
wait  DMA ( 0 ) ; 


read  timer (&t0); 
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for(i=0;i<65536;i++) 

{ 

myin=X [ i ] ; 

my_operator (myin, Smyciout,  Smyout) ; 
Cl [i] =myciout; 

OUT [i] =myout; 

} 


read_timer ( &tl ) ; 
*time= (tl-tO) ; 


DMA_CPU (0BM2CM, Cl , MAP_OBM_stripe ( 1 , "B" )  ,  ci ,  1 ,  65536*sizeof (int64_t)  ,  0)  ; 
wait  DMA ( 0 ) ; 

DMA^CPU (OBM2CM, OUT, MAP_OBM_s tripe (1, "C") , out,  1, 65536*sizeof (int64_t)  ,  0) 

r 

wait  DMA ( 0 ) ; 


3,  blk.v 


l'k-k-k-k'k-k-k-k'k-k'k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k 

/*  * 

/*  blk.v  -a  black-box  file  that  specifies  the  input/output  of  * 

/*  corr_imm.v  * 

/*  * 

/*  Authur:  Carole  Etherington  * 

/*  Last  Modified:  19Nov2010  * 

/*  * 

j  ■ k-k'k'k'k'k'k-k'k'k-k-k'k'k'k-k'k-k'k-k'k-k'k-k-k'k'k-k'k-k'k-k'k'k'k'k'k-k'k-k'k'k'k-k'k'k'k-k-k'k'k'k'k'k'k-k-k'k'k-k'k-k-k-k'k'k 


/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 


module  corr  imm(TT  ext,CI  ext, OUT, CLK) ; 

input  CLK; 

input [63:0]  TT_ext; 

output [7:0]  CI_ext; 

output [7:0]  OUT; 

endmodule 


4.  info 


I******************************************************************/ 
/*  */ 

/*  info  -  This  file  provides  information  on  the  latency,  inputs,*/ 
/*  outputs  for  the  macro,  type  of  macro  and  output  for  */ 

/*  debugging  purposes  */ 

/*  Authur:  Carole  Etherington  */ 

/*  Last  Modified:  19Nov2010  */ 

/*  */ 

/******************************************************************/ 

BEGIN  DEF  "my  operator" 

MACRO=  "corr  imm" ; 

STATEFUL  =No7 
EXTERNAL  =NO; 

PIPELINED  =YES  ; 

LATENCY  =5; 
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INPUTS=1 : 

IO=INT  64  BITS  (TT_ext [63 : 0] ) ; 

OUTPUTS=2 : 

O0=INT  8  BITS (CI_ext [7 : 0] ) 

01=INT  8  BITS (OUT [7 : 0] ) ; 

IN_SIGNAL:  1  BITS  "CLK"="CLOCK" ; 

DEBUG_HEADER  =# 

void  my  operator  dbg(int64  t  TT,  int8  t  *CI  Ptr,  int8  t 
*out_Ptr) ; 

#; 

DEBUG_FUNC=# 

void  my  operator  dbg  (int64  t  TT,  int8  t  *CI  Ptr,  int8  t 
*out_Ptr ) 

{ *CI_Ptr=2 ; 

*out_Ptr=2 ; } 

#; 

END  DEF 


corr  imm.v 


module  corr  imm  (Cl  ext,  OUT,  TT  ext,  CLK) ; 
/********************************************************************/ 
/*  corr  imm  i  Verilog  code  that  accepts  the  truth  table,  TT,  of  */ 


an  n-variable  function  and  produces  k  i=l  iff  the 
function  has  cor.  im.  at  least  i,  where  i  is  a 
parameter.  That  is,  corr  imm__i  is  a  called  from 
generate  for  loop  with  index  i.  corr  imm  i  then 
enumerates  all  combinations  of  i  input  variables 
and  produces  k  i=l  iff  for  all  assignments  of 
values  to  the  i  input  variables  the  function  has 
the  same  number  of  l's  (and  holds  for  all 
combinations) .  This  circuit  consists  of  many 
adders,  which  add  the  number  of  l's  in  portions 
of  the  truth  table  of  the  function.  This  circuit 
performs  the  following  sequential  code  for  some 
combination  of  i  variables  indexed  by  comb 
(0  <=  comb  <  C(n,i)) .  This  function  also  outputs 
the  nonlinearity  of  a  given  function 
Created:  October  8,  2010 

Last  Modified:  November  22,  2010 
Author:  C.  Etherington  and  J.  T.  Butler 

/*******************************************************************/ 
parameter  n=4;  //  n  =  number  of  variables 

localparam  N  =  2**n; 


/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 


*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 


localparam  m  =  clogb2 (n) ; 


//  m  =  number  of  bits  to  represent  n. 


wire  [N-l : 0 ] 
input  [63:0] 
input 

wire  [m-1 : 0] 


TT;  //  The  truth  table  of  the  given  function. 

TT^ext; 

CLK; 

Cl;  //  C  can  be  as  large  as  ceil (log_2 (n) .. 
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output 

[7:0] 

Cl  ext 

output 

[7:0] 

OUT; 

wire 

[7:0] 

1; 

wire 

[n :  0 ] 

k//k  [ 

wire 

[n :  0  ] 

temp; 

wire 

[n :  0 ] 

temp 2 ; 

wire 

[n :  0  ] 

temp 3 ; 

wire 

[n :  0  ] 

temp 4 ; 

genvar 

i; 

1  iff  function  has  cor.  im.  at  least  i. 


nl  mapper  ul  (TT, OUT, CLK) ; 


generate 

assign  k[0]=l'bl; 


assign  TT  =TT_ext [N-l : 0] ; 


for  (i=l;  i<=n;  i  =  i+1)//  Enumerate  i  the  index  of  k  to  determine 

//highest  correlation. 

begin:mult  k 

cor_im_i  # ( . n (n) , . i ( i ) )  ul  (k[i],  TT,CLK);  //k[i]=l  iff  TT  has 
//cor.  im.  at  least  i. 

end 


endgenerate 


delay  u3  ( k, temp, CLK)  ; 
delay  u5  (temp, temp2 , CLK) ; 
delay  u6  (temp2, temp3, CLK) ; 
delay  u7  (temp3, temp4, CLK) ; 
pri_enc  u2  (Cl,  CLK,  temp4); 


assign  CI_ext  =  {  {  ( 8-3 )  { 1 ' bO } } ,  Cl  }; 
//Constant  function  to  find  the  ceiling  of 
function  integer  clogb2 (input  integer  d)  ; 
begin 

for (clogb2=0;  d>0;  clogb2  = 
d  =  d  >>  1; 


end 

endfunction 


log  base  two 


clogb2  +  1) 


of  d 


endmodule 


module  delay ( k, temp, CLK); 


parameter  n 

input  [n:0] 

output 

reg  [n:0] 

input 


=  4; 


k; 

temp; 

temp; 

CLK; 


always  @ (posedge  CLK) 


begin 

temp=k; 

end 


endmodule 

module  cor  im  i  (k  i,  TT,CLK); 


81 


r  • k'k'k'k'k-k-k'k'k-k-k'k'k-k'k'k'k-k'k'k'k-k-k'k'k'k'k'k'k-k-k'k'k'k'k-k'k-k'k'k'k-k'k'k'k-k-k'k'k'k'k-k'k-k'k'k'k'k'k'k'k-k-k'k'k'k'k'k 


corr  imm  1 


Created: 


/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/ 

parameter  n  =  4; 
parameter  i  =  2; 
localparam  N  =  2**n; 
localparam  size=comb  nk(n,i) 
combinations  for  choosing 

variables  in  the  function 
input  [N-l : 0]  TT; 

input  CLK; 

output  k_i; 

reg  k_i ; 

reg  [n-l:0]  sum  [64:0]  ; 

integer  comb, u, v, cwc; 


Verilog  code  that  accepts  the  truth  table,  TT,  of 
an  n-variable  function  and  produces  k  i=l  iff  the 
function  has  cor.  im.  at  least  i,  where  i  is  a 
parameter.  That  is,  corr  imm  i  is  a  called  from  a 
generate  for  loop  with  index  i.  corr  imm  i  then 
enumerates  all  combinations  of  i  input  variables 
and  produces  k  i=l  iff  for  all  assignments  of 
values  to  the  i  input  variables  the  function  has 
the  same  number  of  1's  (and  holds  for  all 
combinations) .  This  circuit  consists  of  many 
adders,  which  add  the  number  of  1's  in  portions 
of  the  truth  table  of  the  function.  This  circuit 
performs  the  following  sequential  code  for  some 
combination  of  i  variables  indexed  by  comb 
(0  <=  comb  <  C(n,i)). 

October  8,  2010 
Last  Modified:  November  22,  2010 
Author:  C.  Etherington  and  J.  T.  Butler 


*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 


'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k-k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k'k'k-k'k 


/ 


//  n  =  the  number  of  variables 


//finds  the  number  of  possible 
/ / i  variables  from  the  number  of 
/ /  The  truth  table  of  the  given  function 
//  C  can  be  as  large  as  ceil (log  2 (n) . 


always  @  (posedge  CLK) 


begin 
k  i=l; 

for  (comb=0;  combksize;  comb=comb+l)  //total  number  of  ways  to  pick 
i  varaibles  from  n 
begin 

//if (k_i==l) 
begin 

cwc=int2cwc (n, i, comb) ; 

for  (u=0;  u<=(2**i-l);  u=u+l)  //ennumerates  the  number  of 

//subfunctions  of  size  i  with  different  values 
begin  //Scan  the  2**i  subfunctions. 

sum[u]  =  0;  //stores  number  of  ones  initially  set  to  zero 
for(v=0;  v<=2** (n-i) -1;  v=v+l )/ /ennumerates  the  possible 
//values  of  n-i  variables 

begin 

sum[u]  =  sum[u]  +  TT [index (n, i , cwc, u, v) ]; //totals  the 
//number  of  ones  for  each  value  of  u  by  finding  the 
//fuction  value  for  a  set  u  and  for  each  value  of  v. 

end 
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end 


for  (u=0;  u<2**i-l;  u=u+l) 

begin  //Check  that  all  subfunctions  have  the  same 

if  (sum[u]  !=  sum[u+l] ) //  number  of  Is.  If  not,  set  k  i=0 . 
k  i  =  0  ; 


end 

end 

end 

end 

//Constant  function 

function  integer  index; //Index  to  TT. 

input  integer  n;  //Number  of  variables. 

input  integer  i;  //Prospective  cor.  im.  (1  <=  i  <=  n) 

input  integer  cwc;  //Index  to  i-combination .  input  integer  u; 

//Index  to  subfunction  -  0  <=  u  <  2Ai. 

input  integer  v; //Index  to  minterm  of  subfunction  -  0  <=  v  <  2A(n-i) . 

integer  cwc  temp; 

integer  u  idx,  v  idx,  c  idx; 

integer  u  temp,  v  temp; 

integer  temp; 

begin 

u  idx=i-l; 
v  idx=n-i-l; 
index=0 ; 
u_temp=u; 
v  temp=v; 

cwc_temp=cwc ; 

//the  following  loop  finds  the  truth  table  index  given  a  set  u  and  v 
//the  binary  values  of  u  will  be  place  in  the  corresponding  the 
//binary  values  of  u  will  be  place  in  the  corresponding  binary  one 
//position  of  the  CWC  and  the  binary  values  of  v  are  placed  in 
//the  binary  zero  positions  of  the  CWC 
for (c  idx=(n-l);c  idx>=0;c  idx=c  idx-1) 
begin 

if ( (cwc  temp-2**c  idx)>=0)  //does  the  cwc  have  a  one  in  the 

//c_idx  position 

begin 

cwc  temp=cwc  temp-2**c  idx; 

if ( (u  temp-2**u  idx)>=0)//if  the  u  binary  value  has  a  one  in 

//the  u_idx  position  then 

begin  //the  index  binary  value  will  have  a 

//one  in  the  cwc_idx  position 

index=index+2**c  idx; 
u  temp=u  temp-2**u  idx; 
end 

u  idx=u  idx-1; //one  less  u  binary  value  to  place  in  index 
/ /value 

end 

else  //if  the  cwc  has  a  zero  in  the  c  idx  position 
begin 

if ( (v  temp-2**v  idx)>=0)//if  the  binary  v  value  has  a  one 

//in  the  v  idx  position 
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begin 


//then  the  index  value  will  have  a 
//one  in  the  cwc_idx  position 
index=index+2**c  idx; 
v  temp=v  temp-2**v  idx; 
end 

v  idx=v  idx-1;  //one  less  binary  v  value  to  place 
end 

end 

end 

endfunction 

function  integer  int2cwc ( input  integer  n,  input  integer  i,  input 
integer  comb) ; 

//functions  uses  the  index  value  to  assign  exactly  i  ones  to  a  n  bit 
string 

integer  N,k,comb  temp, temp; 
begin 

N=n-1;//  number  of  positions  to  place  a  one  from  n-1  to  zero 
k=i;  //number  of  ones 
comb  temp=comb; 
int2cwc=0 ; 

while (k>=l//loop  continues  until  all  ones  have  been  placed 
begin 

temp=comb  nk (N, k) ; 

if (comb  temp-temp>=0 )  //if  comb  is  greater  than  N  choose  k 
begin 

int2cwc=int2cwc+2**N; //  then  place  a  one  in  the  N  position 

comb  temp=comb  temp-temp; 

k=k-l ; //decrease  number  of  ones  to  place 

end 

N=N-1 ; //decrease  the  number  of  positions  to  place  a  one. 

end 

end 

endfunction 

function  integer  comb  nk (input  integer  n,  input  integer  k) ; 
integer  k  h, k  l,i; 
begin : f 2 
if  (n  <  k) 
comb  nk  =  0; 
else 
begin 
k  h  =  k  ; 
k_l  =  n  -  k; 
if  (k_l  >  k_h) 
begin 

k  h  =  n  -  k  ; 
k_l  =  k; 
end 

comb  nk  =  1; 

for(i  =  n;  i>k  h;  i  =  i-1) 
comb  nk  =  comb  nk*i; 
for(i  =  1;  i<=k  1;  i  =  i+1) 
comb  nk  =  comb  nk/i; 
end 
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end 

endfunction 

endmodule 

module  pri  enc  (Cl,  CLK,  k) ; 

/*********************************************************************/ 
/*  pri  enc-Verilog  code  for  a  priority  encoder.  It  examines  elements*/ 


/*  of  vector  k[i],  which  will  be  1  for  1  <=  j  and  0  for  */ 
/*  j+1  <=  n,  in  which  case  the  correlation  immunity.  Cl  is  j*/ 
/*  and  produces  the  correlation  immunity,  C,  of  that  */ 
/*  function.  */ 
/*  Created:  October  8,  2010  */ 
/*  Last  Modified:  November  22,  2010  */ 
/*  Author:  C.  Etherington  and  J.  T.  Butler  */ 


/*********************************************************************/ 
parameter  n=4;  //n=  the  number  of  variables 

localparam  m  =  clogb2 (n) ; 
input  CLK; 


input  [n:0] 

k; 

// 

k[i]=l  means 

function  has 

cor.  im.  at  least 

i  . 

output  [m-l:0] 

Cl; 

// 

Cl  can  be  as 

large  as 

ceil (log  2 (n) . 

reg  [m-l:0] 

Cl; 

integer 

i=l ; 

always 

@ (posedge 

CLK) 

begin 
i  =  0; 

/ / Set  i  =  0 

and  check,  for  each 

i  from 

while  ( (i<=n) 

&&  (k [i]  ==  1 'bl) ) 

//  0  to  n,  if  k [i] =1 

When  k 

o 

II 

\ — 1 
+ 

-H 

begin : stage 

//  set  Cl  to 

i  . 

i  =  i  + 1 ; 

end 

Cl  =  i-1 ; 

end 


//Constant  function 

function  integer  clogb2 (input  integer  d) ; 
begin 

for (clogb2=0;  d>0;  clogb2 
d  =  d  »  1; 


end 

endfunction 


clogb2  +  1) 


endmodule 

module  nl  mapper (TT, OUT, CLK) ; 

/********************************************************************/ 


/*  nl  mapper 
/* 

/* 

/* 

/* 

/* 

/* 


Verilog  code  to  convert  the  truth  table  TT  of  a 
given  function  f  into  a  vector,  OUT  of  2A(n+l) 
functions  -  each  with  2An  bits  that  are  the 
distance  vectors  between  f  and  the  2A(n+l)  affine 
functions.  These  are  then  applied  to  a  ones_count 
circuit  to  count  the  number  of  l's,  which  are 
compared  to  find  the  minimum  distance  from  f 


*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 
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to  an  affine  function. 


/* 

/* 

/* 

/* 

/* 

/*  Inputs: 

/*  Outputs: OUT 


to  an  affine  function.  */ 

*/ 

Created:  November  27,  2008  */ 

Last  Modified:  November  22,  2010  */ 

Author:  Jon  T.  Butler  */ 

TT  //Truth  table  of  given  function,  f.  */ 

//Vector  of  2A(n+l)  distances  between  f  and  an  afine*/ 


/*  function.  */ 

/********************************************************************/ 


parameter  n  =  4; 
localparam  N  =  2**n; 
localparam  NN  =  2** (n+1) 
input  CLK; 
wire  CLK; 

input  [63  :  0]  TT; 

output  [7:  0]  OUT; 

integer  i ,  j  ,  k; 
reg  [N-1:0]  temp; 
reg  [N-1:0]  affine; 
reg  [N-1:0]  xored; 
reg  [NN* (n+1) -1 : 0]  count; 


//  n  =  number  of  variables. 

//  N  =  number  of  truth  table  entries. 
//  NN  =  number  of  affine  functions. 


//  Truth  table  of  function  under  test. 
//  Note  that  TT  is  unused.  Modify  this 
//  truth  tables  of  all  distance  vectors. 


always  @(*)  //  truth  tables  of  all  affine  functions, 

begin 

for  (i  =0;  i<NN;  i=i+l) 
begin 

for  (j  =0;  j<N;  j=j+l) 
begin 

affine  [j]=A(i&((j«l)+l)); 
xored [j ] =af f ine [ j ] ATT [ j ]  ; 
end 

temp=Count4 (xored)  ; 
for ( k=0 ; k<n+l ; k=k+l ) 
begin 

count [ (n+1) *i+k] =temp [k] ; 
end 

end 

end 

min  instance  2 
(count, OUT, CLK) ; 
function  [7:0]  Count2; 
input  [3:0]  TT; 
begin:  f2 

Count2  [0]  =TT  [3]  ATT  [2]  ATT  [1]  ATT  [0]  ; 


Count2 [1] = (TT [3] &TT [2] |TT[3]&TT[1] |TT[3]&TT[0] |TT[2]&TT[1] |TT[2]&TT[0] 
TT  [1]  &TT  [0]  )  &~  (TT  [3]  &TT  [2]  &TT  [1]  &TT  [0]  )  ; 

Count2  [2]  =TT  [3]  &TT  [2]  &TT  [1]  &TT  [0]  ; 

Count2 [ 3 ] =1 ' bO ; 

Count 2 [7 : 4 ] =4 'b0000; 


end 

endfunction 
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function  [7:0]Count3; 

input  [7:0]  TT; 

reg  [7:0]  a,  b; 
begin:  f3 
a=Count2 ( TT [ 3 : 0 ] ) ; 
b=Count2 (TT  [7 : 4] ) ; 
Count3=a+b; 
end 

endfunction 
function  [7:0]Count4; 

input  [15:0]  TT; 

reg  [7:0]  c,  d; 
begin:  f4 
c=Count3 (TT  [7  :  0] )  ; 
d=Count3 (TT [15 : 8] )  ; 

Count4=c+d; 

end 

endfunction 
function  [7:0]Count5; 

input  [31:0]  TT; 

reg  [7:0]  e, f ; 
begin:  f5 

e=Count4 (TT  [15 : 0] )  ; 
f=Count4 (TT [31 : 16] ) ; 
Count5=e+f ; 
end 

endfunction 
function  [7:0]Count6; 

input  [63:0]  TT; 
reg  [7:0]  g,h; 
begin:  f6 

g=Count5 (TT  [31 :  0] )  ; 
h=Count5 (TT [ 63 : 32 ] )  ; 
Count6=g+h; 
end 

endfunction 

endmodule 


module  min (IN,  OUT,  CLK) ; 

/*********************************************************************/ 


/*  min.v  -  A  program  to  compare  2A(n+l)  n+l-bit  binary  values  and  */ 
/*  to  deliver  the  smallest  to  the  output.  This  can  be  */ 
/*  configured  by  a  Completely  pipelined  tree  */ 
/*  In  the  case  of  1.  this  runs  at  209.6  MHz.  for  all  */ 
/*  values  of  n.  It  was  tried  for  n  up  to  8.  At  n=8,  it  */ 
/*  takes  more  than  two  minutes  to  compile.  */ 


/*********************************************************************/ 
parameter  n  =  4;  //  Number  of  variables. 

localparam  nn  =  n  +  1;  //  Number  of  bits  in  the  numbers  to  be 

/ / compared . 

localparam  N  =  2**nn;  //  Number  of  numbers  to  be  compared.  It  is  the 

//  number  of  affine  functions. 
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output  [7:0]  OUT;  //  OUT  is  the  smallest  of  the  n+l-bit  inputs 

input  [nn*N-l:0]  IN;  //  IN  is  an  array  of  2A(n+l)  (n+l)-bit  numbers 
reg  [nn*N-l:0]  curr  IN  [nn:0]  ; 

input  CLK; 
integer  i,j; 

always  @  (posedge  CLK) 
begin 

curr  IN[0]  <=  IN; 


for(j=l;  j<=nn;  j=j+l)  //  Enumerate  a  level  in  the 

//comparison  tree. 


begin 

for(i=0;  i<2** (n+1- j ) ;  i=i+l)  //Enumerate  a  position  in 
//the  current  level, 
begin:  increment 

curr_IN [ 0 ]  <=  IN; 

if (curr  IN [j— 1]  [  (  (2*i  +  2) *nn-l ) - : nn]  <  curr  IN[j-l][((2*i  + 

1 )  *nn-l ) - : nn] )  curr  IN [ j ]  [  (  ( i  +  1 ) *nn-l ) - : nn]  <=  curr  IN[j-l][((2*i  + 

2)  *nn-l) - :nn] ; 


else  curr  IN [ j ] [ ( ( i  +  1) *nn-l ) - : nn]  <=  curr  IN [ j - 
1]  [  (  (2*i  +  1) *nn-l) -:nn] ; 

end 


end 


end 

assign  OUT  =  curr_IN [nn] [ (nn-1) - :nn] ; //  curr  IN [ j ] [ ( (i  +  1) *nn- 
l)-:nn]  for  j=nn  and  i=0 . 


endmodule 


H.  CORRELATION  IMMUNITY  AND  NONLINEARITY  FOR  FUNCTIONS 
OF  N=5 


1.  main.c 


j  : k-k'k-k-k-k'k-k'k-k'k-k-k-k'k-k'k-k'k-k-k-k'k-k'k-k-k-k-k-k'k-k'k-k'k-k-k-k'k-k'k-k'k-k-k-k'k-k'k-k'k-k'k-k-k-k'k-k-k-k-k-k'k-k'k-k 

/*  * 

/*  main.c  -a  c  program  designed  to  run  a  SRC6  implentaion  of  * 

/*  corr_imm.v  * 

/*  * 

/*  Authur:  Carole  Etherington  * 

/*  Last  Modified:  22Nov2010  * 

/*  * 

/*  Description:  This  file  calls  a  subroutine  that  returns  * 

/*  the  corrleation  immunity  and  the  nonlinearity  of  * 

/*  of  all  functions  for  n=4 .  * 

j  : k-k'k-k-k-k'k-k'k-k'k-k-k-k'k-k'k-k'k-k-k-k'k-k'k-k-k-k'k-k'k-k'k-k'k-k-k-k'k-k'k-k'k-k-k-k'k-k'k-k'k-k-k-k'k-k'k-k-k-k'k-k'k-k'k-k 

#include  <map.h> 

#include  <stdlib.h> 


/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 
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void  subr  (  int64_t*,  int64_t*,  int); 
int  main ( ) 

{  FILE  * res  map, *res  cpu; 

int  mapnum=0; 
int  n=5; 
int64_t  i , j ; 
int64  t  time  elk; 
int64_t  *ci; 

ci  =  (int64_t  *)  malloc  (78*  sizeof (int64_t) ) ; 

for (i=0; i<78; i++) 

{ 

c  i  [  i  ]  =  0 ;  } 

map_allocate ( 1 ) ; 

subr (ci, &time  clk,mapnum); 

printf("%lld  clocks\n" , time  elk); 

f or ( i=0 ; i<78 ; i++) 

{printf("the  number  of  functions  with  corrleation  immunity  one 
is  %lld\n" , ci [i] ) ; } 

map_f ree  ( 1 ) ; 
exit ( 0 ) ; } 

2.  subr.mc 

/*  */ 

/*  subr.mc  -MAP  subroutine  to  find  the  correlation  immunity  of  */ 

/*  all  five  variable  functions.  */ 

/*  */ 

/*  Author:  Carole  Etherington  */ 

/*  */ 

/*  Last  modified:  November  22,  2010  */ 

/*  */ 

/*  */ 

/*  Description:  This  program  calls  the  macro  my_operator  */ 

/*  that  finds  the  correlation  immunity  of  a  given  function*/ 

/*  and  returns  the  correlation  immunity  of  the  function  */ 

/*  in  a  histogramto  the  program  main.c.  */ 

/*  */ 

/*******************************************************************/ 

#include  <libmap.h> 

void  subr  (  int64  t  ci[],  int64  t  *time,  int  mapnum) 

{ 

0BM_BANK_B (CI,  int64_t,78) 
int64_t  t0,tl; 
int64_t  i , j ; 
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int  k, sel ; 
int64_t  iO, il; 
int8_t  myout; 
int8  t  linout; 
int64_t  size; 
int64_t  a,b; 
int  n=5; 

int64_t  HO [6] [13] ,  HI [6]  [13] ,H2  [6]  [13] ,H3  [6]  [13] ; 
read_timer ( &t0 ) ; 
k=0  ; 

for (i=0; i<6; i++) 

for ( j=0; j  <1 3 ; j++) 

{HO [i] [ j ] =0 ; 

HI [i]  [ j ] =  0 ; 

H2  [i]  [ j ] — 0; 

H3[i]  [ j ] =0 ;  } 

for  (i=0; i<65536; i++) 

{for(j=0;j<65536;j++) 

{  i0=i; 
il=j  ; 

my_operator (iO, il, Smyout,  Slinout)  ; 


sel=k&3 ; 
if ( sel==0 ) 

HO [myout] [linout] ++; 
if ( sel==l ) 

HI [myout] [linout] ++; 
if ( sel==2 ) 

H2 [myout] [linout] ++; 
if ( sel==3 ) 

H3 [myout] [linout] ++; 

k++ ; 

}  } 

k=0  ; 

for (i=0; i<=n; i++) 

for ( j  =0 ; j <=12 ; j  ++) 

[Cl [ k] =H0 [ i ] [ j ] +H1 [ i ] [ j ] +H2 [ i ] [j]+H3[i] [j]; 
k++;  } 

read_timer ( &tl ) ; 

*time= (tl-tO) ; 

DMA_CPU (OBM2CM, Cl , MAP_OBM_stripe ( 1 , "B" )  ,  ci ,  1 , 7  8*sizeof (int64_t)  ,  0) 
wait  DMA ( 0 ) ; } 

3.  blk.v 


/*  */ 

/*  blk.v  -a  black-box  file  that  specifies  the  input/output  of  */ 
/*  corr_imm.v  */ 

/*  */ 

/*  Authur:  Carole  Etherington  */ 

/*  Last  Modified:  19Nov2010  */ 
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/ 

/ 


/*  * 
/****************************************************************** 

module  corr  imm(TT  ext,TT2  ext, Cl  ext, OUT, CLK) ; 
input  CLK; 
input [63:0]  TT_ext; 
input [63:0]  TT2_ext; 
output [7:0]  CI_ext; 
output [7:0]  OUT; 
endmodule 

4.  info 

/'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k'k'k'k-k-k'k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k'k-k-k-k'k-k-k'k'k'k-k-k'k 
/* 

/*  info  -  This  file  provides  information  on  the  latency,  inputs, 

/*  outputs  for  the  macro,  type  of  macro  and  output  for 

/*  debugging  purposes 

/*  Authur:  Carole  Etherington 

/*  Last  Modified:  19Nov2010 

/* 

/•k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k'k'k'k'k'k'k'k'k'k'k-k-k-k'k-k'k'k-k-k'k'k-k 

BEGIN  DEF  "my  operator" 

MACRO=  "corr  imm" ; 

STATEFUL  =NO; 

EXTERNAL  =NO; 

PIPELINED  =YES  ; 

LATENCY  =7; 

INPUTS=2 : 

I0=INT  64  BITS  (TT_ext [63 : 0] ) 

I 1=INT  64  BITS  (TT2_ext [63:0]); 

OUTPUTS=2 : 

O0=INT  8  BITS (CI_ext [7 : 0] ) 

01=INT  8  BITS (OUT  [7 : 0] )  ; 

IN_SIGNAL:  1  BITS  "CLK"="CLOCK" ; 

DEBUG_HEADER  =# 

void  my  operator  dbg(int64  t  TT,int64  t  TT2,  int8  t  *CI  Ptr, 
int8_t  *OUT_PtrT; 

#; 

DEBUG_FUNC=# 

void  my  operator  dbg  (int64  t  TT,  int64  t  TT2,int8  t 
*CI_Ptr, int8_t  *OUT_Ptr)_ 

{ *CI_Ptr=2 ; 

*OUT_Ptr=4 ; } 

#; 

END_DEF 

5.  corrimm.v 

module  corr  imm  (Cl  ext,  OUT,  TT  ext,  CLK)  ; 

/•k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k-k/ 

/*  corr  imm  i  Verilog  code  that  accepts  the  truth  table,  TT,  of  */ 
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*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 


/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 


an  n-variable  function  and  produces  k  i=l  iff  the 
function  has  cor.  im.  at  least  i,  where  i  is  a 
parameter.  That  is,  corr  imm  i  is  a  called  from 
generate  for  loop  with  index  i.  corr  imm  i  then 
enumerates  all  combinations  of  i  input  variables 
and  produces  k_i=l  iff  for  all  assignments  of 
values  to  the  i  input  variables  the  function  has 
the  same  number  of  1's  (and  holds  for  all 
combinations) .  This  circuit  consists  of  many 
adders,  which  add  the  number  of  1's  in  portions 
of  the  truth  table  of  the  function.  This  circuit 
performs  the  following  sequential  code  for  some 
combination  of  i  variables  indexed  by  comb 
(0  <=  comb  <  C(n,i)) .  This  function  also  outputs 
the  nonlinearity  of  a  given  function 
Created:  October  8,  2010 

Last  Modified:  November  22,  2010 
Author:  C.  Etherington  and  J.  T.  Butler 

/*******************************************************************/ 

parameter  n 
localparam  N 
localparam  m 

n . 


*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 

*/ 


5; 

2  *  *  n  ; 

clogb2 (n) ; 


//  n  =  number  of  variables 

//  m  =  number  of  bits  to  represent 


wire 

[N-l : 0 ] 

TT;  / , 

input 

[63:0] 

TT  ext; 

input 

[63:0] 

TT2  ext; 

input 

CLK; 

wire  [] 

o 

\ — 1 

1 

£ 

Cl;  // 

output 

[7:0] 

Cl  ext; 

output 

[7:0] 

OUT; 

wire 

[n :  0  ] 

k; / /k [i] 

wire 

[n :  0 ] 

temp; 

wire 

[n :  0  ] 

temp 2 ; 

wire 

[n :  0 ] 

temp 3 ; 

wire 

[n :  0 ] 

temp 4 ; 

wire 

[n :  0  ] 

temp 5 ; 

wire 

[n :  0  ] 

temp 6; 

genvar 

i; 

nl  mapper  ul (TT, OUT, CLK) ; 


generate 

assign  k[0]=l'bl 
assign  TT[31:16]  =TT_ext [ 15 : 0 ] ; 
assign  TT[15:0]=  TT2_ext [ 15 : 0 ] ; 


for  (i=l;  i<=n;  i  =  i+1)//  Enumerate  i  the  index  of  k  to 

//determine  highest  correlation. 


begin:mult  k 

cor_im__i  #  ( .  n  (n)  ,  .  i  ( i )  )  ul  ( k  [  i  ]  ,  TT,CLK);  //k  [i]  =1 
//iff  TT  has  cor.  im.  at  least  i. 
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end 


endgenerate 


delay  u3  ( k, temp, CLK) ; 
delay  u5  (temp, temp2 , CLK) ; 
delay  u6  ( temp2 , temp3 , CLK)  ; 
delay  u7  (temp3, temp4, CLK) ; 
delay  u8  (temp4, temp5, CLK) ; 


pri_enc  u2  (Cl,  CLK,  temp5); 


assign  CI_ext  =  {  {  ( 8-3 )  { 1 ' bO } } ,  Cl  }; 

//Constant  function  to  find  the  ceiling  of  log  base  two 
function  integer  clogb2 (input  integer  d) ; 
begin 

for (clogb2=0;  d>0;  clogb2  =  clogb2  +  1) 
d  =  d  >>  1 ; 


end 

endfunction 


of  d 


endmodule 


module  delay ( k, temp, CLK) ; 


parameter  n 

input  [n:0] 

output 

reg  [n:0] 

input 


=  5; 


k; 

temp; 

temp; 

CLK; 


always  @ (posedge  CLK) 
begin 
temp=k; 
end 


endmodule 


e  cor  im  i  (k  i,  TT,CLK); 

•k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k'k-k'k'k-k-k'k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k'k-k-k-k/ 


modul 

/  ~k  -k  ~k  -k 

/*  corr  imm  i 
/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 

/* 


Created : 


Verilog  code  that  accepts  the  truth  table,  TT,  of 
an  n-variable  function  and  produces  k  i=l  iff  the 
function  has  cor.  im.  at  least  i,  where  i  is  a 
parameter.  That  is,  corr  imm  i  is  a  called  from  , 
generate  for  loop  with  index  i.  corr  imm  i  then 
enumerates  all  combinations  of  i  input  variables 
and  produces  k_i=l  iff  for  all  assignments  of 
values  to  the  i  input  variables  the  function  has 
the  same  number  of  1's  (and  holds  for  all 
combinations) .  This  circuit  consists  of  many 
adders,  which  add  the  number  of  1's  in  portions 
of  the  truth  table  of  the  function.  This  circuit 
performs  the  following  sequential  code  for  some 
combination  of  i  variables  indexed  by  comb 
(0  <=  comb  <  C(n,i)). 

October  8,  2010 


*/ 
*/ 
*/ 
i  */ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
*/ 
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/*  Last  Modified:  November  22,  2010  */ 

/*  Author:  C.  Etherington  and  J.  T.  Butler  */ 

/*******************************************************************/ 
parameter  n=5;  //  n  =  the  number  of  variables 

parameter  i  =  2; 
localparam  N  =  2**n; 

localparam  size=comb  nk(n,i);  //finds  the  number  of  possible 

//combinations  for  choosing  i  variables  from  the  number  of 
//variables  in  the  function 


input  [N— 1:0] 

TT; 

// 

The 

truth  table  of  the  given  function 

input 

CLK; 

output 

k_i; 

// 

C 

can  be  as  large  as  ceil (log  2 (n) . 

reg 

k_i ; 

reg  [n-l:0] 

sum  [64:0]  ; 

integer  comb, u, v, cwc; 

always  @ (posedge  CLK) 

begin 
k  i=l; 

for  (comb=0;  comb<size;  comb=comb+l)  //total  number  of  ways  to  pick 
i  varaibles  from  n 
begin 

//if (k_i==l) 
begin 

cwc=int2cwc (n, i, comb) ; 

for  (u=0;  u<=(2**i-l);  u=u+l)  / /ennumerates  the  number  of 

//subfunctions  of  size  i  with  different  values 
begin  //Scan  the  2**i  subfunctions. 

sum[u]  =  0;  //stores  number  of  ones  initially  set  to  zero 
for(v=0;  v<=2** (n-i) -1;  v=v+l )/ /ennumerates  the  possible 
//values  of  n-i  variables 

begin 

sum[u]  =  sum[u]  +  TT [index (n, i , cwc, u, v) ]; //totals  the 
//number  of  ones  for  each  value  of  u. 

//by  finding  the  fuction  value  for  a  set  u  and  for 
//each  value  of  v. 

end 

end 


for  (u=0;  u<2**i-l;  u=u+l) 

begin  //Check  that  all  subfunctions  have  the  same 

if  (sum[u]  !=  sum[u+l] ) //  number  of  Is.  If  not,  set  k  i=0 
k  i  =  0  ; 


end 

end 

end 

end 

//Constant  function 

function  integer  index; // Index  to  TT. 

input  integer  n;  //Number  of  variables. 

input  integer  i;  //Prospective  cor.  im.  (1  <=  i  <=  n) 

input  integer  cwc;  //Index  to  i-combination . 
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input  integer  u;  //Index  to  subfunction  -  0  <=  u  <  2Ai. 

input  integer  v;  //Index  to  minterm  of  subfunction  -  0  <=  v  <  2A(n-i) . 

integer  cwc_temp; 

integer  u  idx,  v  idx,  c  idx; 

integer  u  temp,  v  temp; 

integer  temp; 

begin 

u  idx=i-l; 
v  idx=n-i-l; 
index=0 ; 
u_temp=u; 
v  temp=v; 


cwc_temp=cwc ; 


//the  following  loop  finds  the  truth  table  index  given  a  set  u  and  v 
//the  binary  values  of  u  will  be  place  in  the  corresponding  the 
//binary  values  of  u  will  be  place  in  the  corresponding  binary  one 
//position  of  the  CWC  and  the  binary  values  of  v  are  placed  in 
//the  binary  zero  positions  of  the  CWC 
for (c  idx=(n-l);c  idx>=0;c  idx=c_idx-l) 
begin 

if((cwc  temp-2**c_idx) >=0)  //does  the  cwc  have  a  one  in  the 

//c_idx  position 


begin 

cwc  temp=cwc  temp-2**c  idx; 

if ( (u  temp-2**u  idx)>=0)//if  the  u  binary  value  has  a  one  in 

//the  u  idx  position  then 

Begin  //the  index  binary  value  will  have  a  one  in  the 
//cwc_idx  position 
index=index+2**c  idx; 
u  temp=u  temp-2**u  idx; 
end 


u  idx=u  idx-l;//one  less  u  binary  value  to  place  in  index 
/ /value 


end 

else  //if  the  cwc  has  a  zero  in  the  c  idx  position 
begin 

if ( (v  temp-2**v  idx)>=0)//if  the  binary  v  value  has  a  one 

//in  the  v  idx  position 

begin  //then  the  index  value  will  have  a 

//one  in  the  cwc_idx  position 
index=index+2**c  idx; 
v  temp=v  temp-2**v  idx; 
end 


v  idx=v  idx-1;  //one  less  binary  v  value  to  place 
end 


end 


end 

endfunction 


function  integer  int2cwc ( input  integer  n,  input  integer  i,  input 
integer  comb) ; 

//functions  uses  the  index  value  to  assign  exactly  i  ones  to  a  n  bit 
/ / string 
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integer  N,k,comb  temp, temp; 
begin 

N=n-1;//  number  of  positions  to  place  a  one  from  n-1  to  zero 
k=i;  //number  of  ones 
comb  temp=comb; 
int2cwc=0 ; 

while (k>=l) //loop  continues  until  all  ones  have  been  placed  begin 
temp=comb  nk (N, k) ; 

if (comb  temp-temp>=0 )  //if  comb  is  greater  than  N  choose  k 
begin 

int2cwc=int2cwc+2**N; //  then  place  a  one  in  the  N  position 

comb  temp=comb  temp-temp; 

k=k-l ; //decrease  number  of  ones  to  place 

end 

N=N-1; //decrease  the  number  of  positions  to  place  a  one. 

end 

end 

endfunction 

function  integer  comb  nk (input  integer  n,  input  integer  k)  ; 
integer  k  h, k  l,i; 
begin : f 2 
if (n  <  k) 
comb  nk  =  0; 
else 
begin 
k  h  =  k  ; 
k  1  =  n  -  k ; 
if  (k_l  >  k_h) 
begin 

k  h  =  n  -  k  ; 
k_l  =  k; 
end 

comb  nk  =  1; 

for(i  =  n;  i>k  h;  i  =  i  —  1 ) 
comb  nk  =  comb  nk*i; 
for(i  =  1;  i<=k  1;  i  =  i+1) 
comb  nk  =  comb  nk/i; 
end 
end 

endfunction 

endmodule 

module  pri  enc  (Cl,  CLK,  k) ; 

/*********************************************************************/ 
/*  pri  enc-Verilog  code  for  a  priority  encoder.  It  examines  elements*/ 


/*  of  vector  k[i],  which  will  be  1  for  1  <=  j  and  0  for  */ 
/*  j+1  <=  n,  in  which  case  the  correlation  immunity.  Cl  is  j*/ 
/*  and  produces  the  correlation  immunity,  C,  of  that  */ 
/*  function.  */ 
/*  Created:  October  8,  2010  */ 
/*  Last  Modified:  November  22,  2010  */ 
/*  Author:  C.  Etherington  and  J.  T.  Butler  */ 


/*********************************************************************/ 
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parameter  n  =  5; 
localparam  m  =  clogb2 (n) ; 
input  CLK; 

input  [n:0]  k; 

cor.  im.  at  least  i. 
output  [m-l:0]  Cl; 

ceil ( log_2 (n) . 
reg  [m-l:0]  Cl; 

integer  i=l; 

always  @ (posedge  CLK) 
begin 

i  =  0;  //Set  i  =  0  and  check, 
while  ((i<=n)  &&  ( k [ i ] 

begin: stage  //  set  Cl  to  i. 

i  =  i  + 1  ; 

end 

Cl  =  i-1; 

end 


//  n  =  the  number  of  variables 

//  k [ i ] = 1  means  function  has 
//  Cl  can  be  as  large  as 


for  each  i  from 
==  l'bl) ) 


//Constant  function 

function  integer  clogb2 (input  integer  d) ; 
begin 

for (clogb2=0;  d>0;  clogb2 
d  =  d  »  1; 


end 

endfunction 


clogb2  +  1) 


endmodule 

module  nl  mapper (TT, OUT, CLK) ; 

/********************************************************************/ 
/*  nl  mapper  -  Verilog  code  to  convert  the  truth  table  TT  of  a  */ 
/*  given  function  f  into  a  vector,  OUT  of  2A(n+l)  */ 

/*  functions  -  each  with  2An  bits  that  are  the  */ 

/*  distance  vectors  between  f  and  the  2A(n+l)  affine  */ 

/*  functions.  These  are  then  applied  to  a  ones_count  */ 

/*  circuit  to  count  the  number  of  l's,  which  are  */ 

/*  compared  to  find  the  minimum  distance  from  f  */ 

/*  to  an  affine  function.  */ 

/*  */ 
/*  Created:  November  27,  2008  */ 

/*  Last  Modified:  November  22,  2010  */ 

/*  Author:  Jon  T.  Butler  */ 

/*  Inputs:  TT  //Truth  table  of  given  function,  f.  */ 

/*  Outputs:OUT  //Vector  of  2A(n+l)  distances  between  f  and  an  afine*/ 
/*  function.  */ 

/********************************************************************/ 


parameter  n=5;  //  n  =  number  of  variables, 

localparam  N  =  2**n;  //  N  =  number  of  truth  table  entries, 

localparam  NN  =  2**(n+l);  //  NN  =  number  of  affine  functions, 

input  CLK; 
wire  CLK; 

input  [63  :  0]  TT;  //  Truth  table  of  function  under  test, 

output  [7:  0]  OUT;  //  Note  that  TT  is  unused.  Modify  this 

integer  i,j,k;  //  truth  tables  of  all  distance  vectors, 

reg  [N— 1:0]  temp; 
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reg  [N-1:0]  affine; 

reg  [N-1:0]  xored; 

reg  [NN* (n+1) -1 :0]  count; 

always  @(*)  //  truth  tables  of  all  affine  functions, 

begin 

for  (i  =0;  i<NN;  i=i+l) 
begin 

for  (j  =0;  j<N;  j=j+l) 
begin 

affine  [j]=A(i&((j«l)+l)); 
xored [j ] =af f ine [ j ] ATT [ j ]  ; 
end 

temp=Count4 (xored)  ; 
for ( k=0 ; k<n+l ; k=k+l ) 
begin 

count [ (n+1) *i+k] =temp [k] ; 
end 

end 

end 

min  instance  2 
(count, OUT, CLK) ; 
function  [7:0]  Count2; 
input  [3:0]  TT; 
begin:  f2 

Count2 [0] =TT [3] ATT [2] ATT [1] ATT  [0] ; 

Count2 [1] = (TT [3] &TT [2] |TT[3]&TT[1] |TT[3]&TT[0] |TT[2]&TT[1] |TT[2]&TT[0] 
TT  [1]  &TT  [0]  )  &~  (TT  [3]  &TT  [2]  &TT  [1]  &TT  [0]  )  ; 

Count2  [2]  =TT  [3]  &TT  [2]  &TT  [1]  &TT  [0]  ; 

Count2 [ 3 ] =1 ' bO ; 

Count 2 [7 : 4 ] =4 ' bOOOO ; 


end 

endfunction 
function  [7:0]Count3; 

input  [7:0]  TT; 

reg  [7:0]  a, b; 
begin:  f3 
a=Count2 ( TT [ 3 : 0 ] ) ; 
b=Count2 (TT  [7:4]); 
Count3=a+b; 
end 

endfunction 
function  [7:0]Count4; 

input  [15:0]  TT; 

reg  [7:0]  c, d; 
begin:  f4 
c=Count3 (TT [7 : 0] ) ; 
d=Count3 (TT  [15  :  8] )  ; 

Count4=c+d; 
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end 

endfunction 
function  [7:0]Count5; 

input  [31:0]  TT; 

reg  [7:0]  e, f ; 
begin:  f5 

e=Count4 (TT [15 : 0] )  ; 
f=Count4 (TT [31 : 16] ) ; 
Count5=e+f ; 
end 

endfunction 
function  [7:0]Count6; 

input  [63:0]  TT; 
reg  [7:0]  g,h; 
begin:  f6 

g=Count5 (TT  [31 :  0] )  ; 
h=Count5 (TT [ 63 : 32 ] )  ; 
Count6=g+h; 
end 

endfunction 

endmodule 


module  min (IN,  OUT,  CLK) ; 

/*********************************************************************/ 
/*  min.v  -  A  program  to  compare  2A(n+l)  n+l-bit  binary  values  and  */ 
/*  to  deliver  the  smallest  to  the  output.  This  can  be 

/*  configured  by  a  Completely  pipelined  tree 

/*  In  the  case  of  1.  this  runs  at  209.6  MHz.  for  all 

/*  values  of  n.  It  was  tried  for  n  up  to  8.  At  n=8,  it 

/*  takes  more  than  two  minutes  to  compile. 


*/ 

*/ 

*/ 

*/ 

*/ 


•k'k'k'k-k'k-k'k-k'k'k'k-k-k'k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k'k'k-k'k-k'k-k'k-k'k-k-k'k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k-k'k'k 


/ 

parameter  n  =  5; 
localparam  nn  =  n  +  1; 

localparam  N  =  2**nn; 

output  [7:0]  OUT; 
input  [nn*N-l:0]  IN; 

reg  [nn*N-l : 0] 
input  CLK; 
integer  i , j ; 


/ 


//  Number  of  variables. 

//  Number  of  bits  in  the  numbers  to  be 
/ / compared. 

//  Number  of  numbers  to  be  compared.  It  is  the 
//  number  of  affine  functions. 

//  OUT  is  the  smallest  of  the  n+l-bit  inputs 
//  IN  is  an  array  of  2A(n+l)  (n+l)-bit  numbers 
curr  IN  [nn:0]  ; 


always  @ (posedge  CLK) 
begin 

curr  IN[0]  <=  IN; 


for(j=l;  j<=nn;  j=j+l)  //  Enumerate  a  level  in  the 

//comparison  tree. 

begin 

for(i=0;  i<2**  (n+1- j ) ;  i=i  +  l)  //Enumerate  a  position  in 
//the  current  level, 
begin :  increment 

curr  IN[0]  <=  IN; 
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if (curr  IN[j-l][((2*i  +  2) *nn-l ) - : nn]  <  curr  IN[j-l][((2*i  + 

1)  *nn-l ) - : nn] )  curr  IN [ j ] [ ( ( i  +  1) *nn-l ) - : nn]  <=  curr  IN[j-l][((2*i  + 

2)  *nn-l) - :nn] ; 

else  curr  IN [ j ] [ ( ( i  +  1) *nn-l ) - : nn]  <=  curr  IN [ j 
1]  [  ( (2*i  +  1) *nn-l) -:nn] ; 

end 


end 


end 

assign  OUT  =  curr_IN [nn] [ (nn-1) - :nn] ; //  curr  IN [ j ] [ ( (i  +  1) *nn 
l)-:nn]  for  j=nn  and  i=0 . 


endmodule 
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APPENDIX  B.  PC  CODE 


The  following  is  the  program  used  to  find  the  correlation  immunity  on  the  PC. 

A.  CORRELATION  IMMUNITY  FOR  N=4 


1.  Main.c 


#include  <stdio.h> 

#include  <stdlib.h> 

#include  <time.h> 

int  main  ()  { 

int  pow2 [16] ; 

int  x; 

int 

i, comb, u, v, a, u  temp,v  temp,v  idx,u  idx,N,k,cwc  temp; 

int  comb  temp, cwc, numer, denom, temp, index, c  idx,size; 

clock_t  start, stop; 

double  duration; 

int  sum [ 17 ] ; 

int  ci; 

int  k_i [ 5 ] ; 

int  count  [  5 ]  ; 

int  n=4; 

pow2 [ 0 ] =1 ; 

pow2 [ 1 ] =2 ; 

pow2 [2 ] =4 ; 

pow2 [ 3 ] =8 ; 

pow2 [4] =16; 

pow2 [ 5 ] =32 ; 

pow2 [ 6] =64 ; 

pow2 [7] =128; 

pow2 [8] =256; 

pow2 [9] =512; 

pow2 [10] =1024; 

pow2 [11] =2048; 

pow2 [12] =4096; 

pow2 [ 13] =8192; 

pow2 [14] =16384; 

pow2 [15] =32768; 


for (x=0;x<=65536;x++) 
count [x] =0 ; 

start=clock ( ) ; 
for (x=0;x<10;x++) 

{ k_i [0] =1 ; 

for (i=l; i<=n; i++) 
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{if (k_i[i-l]==l) 

{ numer=l ; 
denom=l ; 

for (a=n; a>i; a--) 
numer=a*numer ; 
f or (a= (n-i ) ; a>l ; a--) 

denom=denom*  a ; 
size=numer/ denom; 
k_i[i]=l; 

for (comb=0; comb<size; comb++) 

{if (k_i[i]==l) 

{N=n-1 ; 
k=i; 

comb  temp=comb; 
cwc=0 ; 

while  ((N>=0)  &&  (k>0)) 

{if (N<k) 
temp=0 ; 
else 

{ numer=l ; 
denom=l ; 

for (a=N; a>k; a--) 
numer=a*numer ; 
f or (a= (N-k) ; a>l ; a--) 
denom=denom*  a ; 
temp=numer/ denom; 

}  / /else 

if ( (comb_temp-temp) >=0) 

{ cwc=cwc+pow2 [N] ; 

comb  temp=comb  temp-temp; 
k=k-l; 

}//if  statement 
N=N-1 ; } 

for (u=0;u<= (pow2 [i] -1) ;u++) 

{ sum [u] =0 ; 

for (v=0;v<= (pow2 [n-i] -1) ;v++) 
{u_idx=i-l; 
v  idx=n-i-l; 
index=0 ; 
u_temp=u; 
v  temp=v; 
cwc_temp=cwc; 

for (c  idx=(n-l);c  idx>=0;c  idx- 


{ if ( (cwc_temp-pow2 [c_idx] ) >=0) 


pow2 [c_idx] ; 
pow2 [u_idx] ) >=0) 

{ index=index+pow2 [c  idx] ; 


{ cwc  temp=cwc  temp- 
if ( (u_temp- 
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pow2 [u_idx] ; 


pow2 [v  idx])>=0) 

{ index=index+pow2 [c  idx]; 
pow2 [v  idx] ; 


u  temp=u  temp- 

}//if  statement 
u  idx=u  idx-1; 
}//if  cwc  statement 

else 

{ if ( (v_temp- 


v  temp=v  temp- 

}//if  statement 
v  idx=v  idx-1; 

}//else  statement 
}//for  c_idx  loop 


if ( (x&pow2 [index] ) ==pow2 [index] ) 


sum [u] =sum [u] +1 ; 


}//v  loop 
} / / uloop 


}}}}//  if  statement  (k=l) 
ci=0  ; 

for (i=l; i<=n; i++) 

[if (k_i[i]==l) 

ci=ci+l ; 

else 


break; 
}//for  loop 


for  (u=0;u<pow2 [i] -l;u++) 

{ if (sum [u] ! =  sum[u+l]) 

{ k_i [  i ] =0 ; 

break; 

}  } 

and  for  comb  and  i  loops 


{ switch  (ci) 

[case  0: 
break; 

count 

[ 0 ] =count 

[ 0 ] +1 ; 

case  1 : 
break; 

count 

[ 1 ] =count 

[i] +i; 

case  2 : 
break; 

count 

[2 ] =count 

[2] +1; 

case  3 : 
break; 

count 

[ 3 ] =count 

[3] +1; 

case  4 : 
break; 

count 

[ 4 ] =count 

[4] +1; 

case  5 : 
break; 
default 
break; 

count 

[ 5 ] =count 

[5] +1; 
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} 

} 

}  //x  loop 
stop=clock ( ) ; 

duration  = (double) (stop-start) /CLOCKS_PER_SEC; 

printf ( " \nThe  number  of  seconds  was  %. 40f\n" , duration); 


printf ( "Histogram  of  maximum  k  for  which  functions  have 
correlation  immunity  k  \n"); 

for (x=0;x<=n;x++) 
printf ("\n  n=%2d\n",  count [x] ) ; 

} //int  main  (int  argc,  char  *argv[])  { 
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